\\.\globalroot\systemroot\svchost.exe

I have had this virus bugging me for about 3 days now. I've noticed my computer getting slower and I want to fix it before it gets too late. There is a pop-up from Avast about every 45 seconds saying I have this virus. I've tried AVG/Avast/Malwarebytes and Spybot Search and Destroy, and even though they have all shown I have this virus, none of them can get rid of it. Help is appreciated.

Thanks! :smiley:

Hi there, let's get to the root of this.

Download OTL to your Desktop
Secondary link

[*]Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.

https://dl.dropbox.com/u/73555776/OTL_Main_Tutorial.gif

[*]Select All Users
[*]Under the Custom Scan box paste this in

netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
/md5stop
CREATERESTOREPOINT

[*]Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
[*]When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
[*]Post both logs

Thanks for the quick reply. Trying this right now; I'll get back to you right away.

OK, I will be here on and off most of the day.

It says 10000 characters, so I'm going to need to break each one into like 5/6 parts, or is there a way to get the whole text file on in one go?

OTL logfile created on: 3/15/2013 11:39:37 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Zach\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.29 Gb Available Physical Memory | 57.23% Memory free
8.00 Gb Paging File | 5.56 Gb Available in Paging File | 69.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.33 Gb Total Space | 678.27 Gb Free Space | 73.94% Space Free | Partition Type: NTFS
Drive D: | 278.83 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: ZACH-PC | User Name: Zach | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/15 11:37:41 | 000,602,112 | ---- | M] (OldTimer Tools) – C:\Users\Zach\Downloads\OTL.exe
PRC - [2013/03/14 20:53:45 | 003,093,624 | ---- | M] () – C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2013/03/06 18:32:44 | 004,767,304 | ---- | M] (AVAST Software) – C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/03/06 18:32:44 | 000,045,248 | ---- | M] (AVAST Software) – C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/02/25 08:39:34 | 001,602,984 | ---- | M] (Valve Corporation) – C:\Program Files (x86)\Steam\steam.exe
PRC - [2013/02/25 08:39:32 | 000,543,144 | ---- | M] (Valve Corporation) – C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2013/02/18 20:07:11 | 001,151,152 | ---- | M] () – C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2013/02/18 20:07:11 | 000,968,880 | ---- | M] () – C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
PRC - [2013/01/08 04:40:56 | 002,610,896 | ---- | M] (DT Soft Ltd) – C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) – C:\Program Files (x86)\Malwarebytes’ Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) – C:\Program Files (x86)\Malwarebytes’ Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) – C:\Program Files (x86)\Malwarebytes’ Anti-Malware\mbamscheduler.exe
PRC - [2012/11/26 16:12:31 | 000,075,136 | ---- | M] () – C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/07/16 10:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) – C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012/06/06 21:33:42 | 001,564,872 | ---- | M] (Ask) – C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2012/01/17 16:09:42 | 000,563,104 | ---- | M] (Affinegy, Inc.) – C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2012/01/17 16:09:40 | 001,884,576 | ---- | M] (Affinegy, Inc.) – C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
PRC - [2012/01/17 16:09:38 | 007,029,664 | ---- | M] (Affinegy, Inc.) – C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
PRC - [2011/11/11 19:18:24 | 000,059,240 | ---- | M] (Apple Inc.) – C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) – C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) – C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/06/01 08:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) – C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010/09/03 02:45:02 | 000,255,536 | ---- | M] (McAfee, Inc.) – C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
PRC - [2009/12/23 16:59:42 | 000,232,064 | ---- | M] (ASUSTeK Computer Inc.) – C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
PRC - [2009/12/23 16:59:22 | 000,203,392 | ---- | M] (ASUSTeK Computer Inc.) – C:\Windows\SysWOW64\AsHookDevice.exe
PRC - [2009/07/13 21:14:45 | 000,020,480 | ---- | M] () – \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 21:14:45 | 000,020,480 | ---- | M] () – \\.\globalroot\systemroot\svchost.exe
PRC - [2009/06/04 18:10:56 | 005,777,408 | ---- | M] () – C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
PRC - [2009/01/26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) – C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

Could you attach the log, please?
Details here, about one third of the way down: http://forum.avast.com/index.php?topic=53253.0

========== Modules (No Company Name) ==========

MOD - [2013/03/14 20:53:45 | 003,093,624 | ---- | M] () – C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MOD - [2013/02/25 08:39:32 | 000,988,584 | ---- | M] () – C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2013/02/19 12:48:10 | 020,340,648 | ---- | M] () – C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2013/02/18 20:07:11 | 001,151,152 | ---- | M] () – C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2013/02/18 20:07:11 | 000,156,848 | ---- | M] () – C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\SiteSafety.dll
MOD - [2012/12/18 19:28:50 | 000,647,168 | ---- | M] () – C:\Program Files (x86)\Steam\sdl.dll
MOD - [2012/12/11 10:51:10 | 001,100,800 | ---- | M] () – C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/12/11 10:51:10 | 000,192,000 | ---- | M] () – C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/12/11 10:51:10 | 000,124,416 | ---- | M] () – C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/01/17 16:09:50 | 000,022,944 | ---- | M] () – C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinServicePS.dll
MOD - [2012/01/17 15:27:56 | 000,669,696 | ---- | M] () – C:\Program Files (x86)\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () – C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () – C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/08/22 21:01:36 | 007,187,456 | ---- | M] () – C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtGui4.dll
MOD - [2010/08/22 21:01:08 | 000,325,632 | ---- | M] () – C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtXml4.dll
MOD - [2010/08/22 21:01:06 | 001,954,304 | ---- | M] () – C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtCore4.dll
MOD - [2010/08/22 21:01:06 | 000,847,360 | ---- | M] () – C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtNetwork4.dll
MOD - [2010/08/22 20:32:34 | 000,119,808 | ---- | M] () – C:\Program Files (x86)\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
MOD - [2009/09/29 23:33:07 | 000,024,576 | ---- | M] () – C:\Windows\SysWOW64\AsIO.dll
MOD - [2009/06/04 18:10:56 | 005,777,408 | ---- | M] () – C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
MOD - [2009/03/25 19:53:14 | 000,053,248 | ---- | M] () – C:\Program Files (x86)\ASUS\EPU-4 Engine\AsSpindownTimeout.dll
MOD - [2009/01/15 17:55:10 | 000,565,248 | ---- | M] () – C:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll

========== Services (SafeList) ==========

SRV:64bit: - [2013/03/06 18:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] – C:\Program Files\AVAST Software\Avast\AvastSvc.exe – (avast! Antivirus)
SRV:64bit: - [2010/10/27 03:51:38 | 000,203,776 | ---- | M] (AMD) [Auto | Running] – C:\Windows\SysNative\atiesrxx.exe – (AMD External Events Utility)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] – C:\Program Files\Windows Live\Mesh\wlcrasvc.exe – (wlcrasvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Program Files\Windows Defender\MpSvc.dll – (WinDefend)
SRV - [2013/03/14 11:05:40 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] – C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe – (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/14 10:49:00 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] – C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe – (MozillaMaintenance)
SRV - [2013/02/25 08:39:32 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Running] – C:\Program Files (x86)\Common Files\Steam\SteamService.exe – (Steam Client Service)
SRV - [2013/02/18 20:07:11 | 000,968,880 | ---- | M] () [Auto | Running] – C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe – (vToolbarUpdater14.2.0)
SRV - [2013/02/08 18:45:50 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Running] – C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe – (HiPatchService)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] – C:\Program Files (x86)\Malwarebytes’ Anti-Malware\mbamservice.exe – (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] – C:\Program Files (x86)\Malwarebytes’ Anti-Malware\mbamscheduler.exe – (MBAMScheduler)
SRV - [2012/11/26 16:12:31 | 000,075,136 | ---- | M] () [Auto | Running] – C:\Windows\SysWOW64\PnkBstrA.exe – (PnkBstrA)
SRV - [2012/10/10 22:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] – C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe – (nvUpdatusService)
SRV - [2012/07/16 10:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Running] – C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe – (TeamViewer7)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] – C:\Program Files (x86)\Skype\Updater\Updater.exe – (SkypeUpdate)
SRV - [2012/01/17 16:09:42 | 000,563,104 | ---- | M] (Affinegy, Inc.) [Auto | Running] – C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe – (AffinegyService)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] – C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe – (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe – (sftlist)
SRV - [2011/06/01 08:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto | Running] – C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe – (TeamViewer6)
SRV - [2010/09/03 02:45:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] – C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe – (McComponentHostService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] – C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe – (clr_optimization_v4.0.30319_32)
SRV - [2009/12/23 16:59:22 | 000,203,392 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] – C:\Windows\SysWOW64\AsHookDevice.exe – (Device Handle Service)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] – C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe – (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/03/06 18:33:21 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Running] – C:\Windows\SysNative\drivers\aswSnx.sys – (aswSnx)
DRV:64bit: - [2013/03/06 18:33:21 | 000,377,920 | ---- | M] (AVAST Software) [Kernel | System | Running] – C:\Windows\SysNative\drivers\aswSP.sys – (aswSP)
DRV:64bit: - [2013/03/06 18:33:21 | 000,178,624 | ---- | M] () [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\aswVmm.sys – (aswVmm)
DRV:64bit: - [2013/03/06 18:33:21 | 000,070,992 | ---- | M] (AVAST Software) [Kernel | System | Running] – C:\Windows\SysNative\drivers\aswRdr2.sys – (aswRdr)
DRV:64bit: - [2013/03/06 18:33:21 | 000,068,920 | ---- | M] (AVAST Software) [Kernel | System | Running] – C:\Windows\SysNative\drivers\aswTdi.sys – (aswTdi)
DRV:64bit: - [2013/03/06 18:33:21 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] – C:\Windows\SysNative\drivers\aswRvrt.sys – (aswRvrt)
DRV:64bit: - [2013/03/06 18:33:20 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] – C:\Windows\SysNative\drivers\aswMonFlt.sys – (aswMonFlt)
DRV:64bit: - [2013/03/06 18:33:20 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] – C:\Windows\SysNative\drivers\aswFsBlk.sys – (aswFsBlk)
DRV:64bit: - [2013/02/18 20:07:11 | 000,039,768 | ---- | M] (AVG Technologies) [Kernel | System | Running] – C:\Windows\SysNative\drivers\avgtpx64.sys – (avgtp)
DRV:64bit: - [2013/01/17 14:38:55 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] – C:\Windows\SysNative\drivers\dtsoftbus01.sys – (dtsoftbus01)
DRV:64bit: - [2013/01/17 14:32:39 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] – C:\Windows\SysNative\drivers\sptd.sys – (sptd)
DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] – C:\Windows\SysNative\drivers\mbam.sys – (MBAMProtector)
DRV:64bit: - [2012/09/28 11:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\usbaapl64.sys – (USBAAPL64)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] – C:\Windows\SysNative\drivers\GEARAspiWDM.sys – (GEARAspiWDM)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\fssfltr.sys – (fssfltr)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] – C:\Windows\SysNative\drivers\fs_rec.sys – (Fs_Rec)
DRV:64bit: - [2012/02/22 06:34:36 | 000,028,160 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\mcaudrv_x64.sys – (mcaudrv_simple)
DRV:64bit: - [2012/01/11 02:11:20 | 000,034,304 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\mcvidrv_x64.sys – (ManyCam)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] – C:\Windows\SysNative\drivers\Sftvollh.sys – (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] – C:\Windows\SysNative\drivers\Sftplaylh.sys – (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] – C:\Windows\SysNative\drivers\Sftredirlh.sys – (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] – C:\Windows\SysNative\drivers\Sftfslh.sys – (Sftfs)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] – C:\Windows\SysNative\drivers\Rt64win7.sys – (RTL8167)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\amdsata.sys – (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] – C:\Windows\SysNative\drivers\amdxata.sys – (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\HpSAMD.sys – (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\TsUsbFlt.sys – (TsUsbFlt)
DRV:64bit: - [2010/10/27 05:00:16 | 008,012,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\atikmdag.sys – (atikmdag)
DRV:64bit: - [2010/10/27 05:00:16 | 008,012,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\atikmdag.sys – (amdkmdag)
DRV:64bit: - [2010/10/27 03:14:24 | 000,287,232 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\atikmpag.sys – (amdkmdap)
DRV:64bit: - [2010/03/02 07:30:20 | 001,301,504 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] – C:\Windows\SysNative\drivers\viahduaa.sys – (VIAHdAudAddService)
DRV:64bit: - [2010/01/27 21:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\AtiHdmi.sys – (AtiHdmiService)
DRV:64bit: - [2009/12/22 03:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] – C:\Windows\SysNative\drivers\usbfilter.sys – (usbfilter)
DRV:64bit: - [2009/11/10 04:11:32 | 000,234,040 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\ahcix64s.sys – (ahcix64s)
DRV:64bit: - [2009/07/15 23:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] – C:\Windows\SysNative\drivers\ASACPI.sys – (MTsensor)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\amdsbs.sys – (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\lsi_sas2.sys – (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\stexstor.sys – (stexstor)
DRV:64bit: - [2009/06/10 16:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\igdkmd64.sys – (igfx)
DRV:64bit: - [2009/06/10 16:35:35 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\netr28x.sys – (netr28x)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\evbda.sys – (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\bxvbda.sys – (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\b57nd60a.sys – (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\hcw85cir.sys – (hcw85cir)
DRV:64bit: - [2009/05/04 21:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] – C:\Windows\SysNative\drivers\AtiPcie.sys – (AtiPcie)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] – C:\Windows\SysWOW64\drivers\wimmount.sys – (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM..\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
IE - HKLM..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM..\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox

IE - HKU.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1328156809-3205407908-1351085036-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com/
IE - HKU\S-1-5-21-1328156809-3205407908-1351085036-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com/
IE - HKU\S-1-5-21-1328156809-3205407908-1351085036-1001..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1328156809-3205407908-1351085036-1001..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1328156809-3205407908-1351085036-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1328156809-3205407908-1351085036-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js…browser.search.selectedEngine: "Bing"
FF - prefs.js…browser.startup.homepage: "http://www.google.com/"
FF - prefs.js…extensions.enabledAddons: battlefieldheroespatcher%40ea.com:5.0.196.0
FF - prefs.js…extensions.enabledAddons: %7B687578b9-7132-4a7a-80e4-30ee31099e03%7D:3.18.0.7
FF - prefs.js…extensions.enabledAddons: wrc%40avast.com:8.0.1483
FF - prefs.js…extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js…extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js…extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js…extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js…extensions.enabledItems: {22C7F6C6-8D67-4534-92B5-529A0EC09405}:6.8.0.1073
FF - prefs.js…keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q="

FF:64bit: - HKLM\Software\MozillaPlugins@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF:64bit: - HKLM\Software\MozillaPlugins@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF - HKLM\Software\MozillaPlugins@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins@tools.google.com/Google Update;version=3: C:\Users\Zach\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins@tools.google.com/Google Update;version=9: C:\Users\Zach\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/03/15 10:21:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/14 10:49:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/03/14 10:48:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/14 10:49:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/03/14 10:48:53 | 000,000,000 | ---D | M]

[2011/02/20 00:03:31 | 000,000,000 | ---D | M] (No name found) – C:\Users\Zach\AppData\Roaming\Mozilla\Extensions
[2013/02/14 19:14:39 | 000,000,000 | ---D | M] (No name found) – C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\Profiles\dq93hrid.default\extensions
[2013/03/13 22:37:23 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) – C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\Profiles\dq93hrid.default\extensions{687578b9-7132-4a7a-80e4-30ee31099e03}
[2012/11/26 15:59:33 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) – C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\Profiles\dq93hrid.default\extensions\battlefieldheroespatcher@ea.com
[2012/10/30 12:40:16 | 000,000,000 | ---D | M] (Ask Toolbar) – C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\Profiles\dq93hrid.default\extensions\toolbar@ask.com
[2013/02/14 19:14:39 | 000,817,280 | ---- | M] () (No name found) – C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\Profiles\dq93hrid.default\extensions{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/03/14 10:48:52 | 000,000,000 | ---D | M] (No name found) – C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/03/14 10:48:52 | 000,000,000 | ---D | M] (Skype Click to Call) – C:\Program Files (x86)\Mozilla Firefox\extensions{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/03/14 10:48:52 | 000,000,000 | ---D | M] (Java Console) – C:\Program Files (x86)\Mozilla Firefox\extensions{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/03/15 10:21:54 | 000,000,000 | ---D | M] (avast! WebRep) – C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2013/03/14 10:49:01 | 000,263,064 | ---- | M] (Mozilla Foundation) – C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/01/17 14:40:21 | 000,000,000 | ---- | M] () – C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2013/03/14 10:48:56 | 000,002,465 | ---- | M] () – C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/03/14 10:48:56 | 000,002,086 | ---- | M] () – C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1483_0
CHR - Extension: No name found = C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0
CHR - Extension: No name found = C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.2.0.1_0\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM..\Toolbar: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O3 - HKLM..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1328156809-3205407908-1351085036-1001..\Toolbar\WebBrowser: (uTorrentControl2 Toolbar) - {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1328156809-3205407908-1351085036-1001..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM…\Run: File not found
O4 - HKLM…\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM…\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM…\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM…\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM…\Run: [InstaLAN] C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM…\Run: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe (ASUSTeK Computer Inc.)
O4 - HKLM…\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM…\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-19…\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20…\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1328156809-3205407908-1351085036-1001…\Run: [Best Buy pc app] C:\Users\Zach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms File not found
O4 - HKU\S-1-5-21-1328156809-3205407908-1351085036-1001…\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1328156809-3205407908-1351085036-1001…\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1328156809-3205407908-1351085036-1001…\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-1328156809-3205407908-1351085036-1001…\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-1328156809-3205407908-1351085036-1001…\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19…\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20…\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O4 - Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O4 - Startup: C:\Users\Zach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1328156809-3205407908-1351085036-1001..Trusted Domains: swiftirc.net ([qwebirc] https in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 10.5.1)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces{58BECAF4-A8B8-49F8-9CFA-7F138B0EF3E5}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/10/20 19:04:06 | 000,000,052 | ---- | M] () - D:\autorun.inf – [ UDF ]
O33 - MountPoints2{7160dbbb-3cae-11e0-bcf5-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2{7160dbbb-3cae-11e0-bcf5-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Belkin_Setup_and_Monitor_Install.exe – [2012/02/09 21:14:44 | 019,812,736 | ---- | M] ( )
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\INSTALL.EXE
O34 - HKLM BootExecute: (autocheck autochk )
O35:64bit: - HKLM..comfile [open] – "%1" %*
O35:64bit: - HKLM..exefile [open] – "%1" %*
O35 - HKLM..comfile [open] – "%1" %*
O35 - HKLM..exefile [open] – "%1" %*
O37:64bit: - HKLM.…com [@ = comfile] – "%1" %*
O37:64bit: - HKLM.…exe [@ = exefile] – "%1" %*
O37 - HKLM.…com [@ = comfile] – "%1" %*
O37 - HKLM.…exe [@ = exefile] – "%1" %*
O38 - SubSystems\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/03/15 10:47:36 | 000,000,000 | ---D | C] – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2013/03/15 10:47:28 | 000,000,000 | ---D | C] – C:\ProgramData\Spybot - Search & Destroy
[2013/03/15 10:47:28 | 000,000,000 | ---D | C] – C:\Program Files (x86)\Spybot - Search & Destroy
[2013/03/15 10:29:03 | 000,000,000 | ---D | C] – C:\Users\Zach\AppData\Local{C69E3485-E227-4FC7-AC52-4CB4156888DD}
[2013/03/15 10:12:51 | 000,000,000 | ---D | C] – C:\d13da8e8d6cf54454680
[2013/03/14 22:28:27 | 000,000,000 | ---D | C] – C:\Users\Zach\AppData\Local{B73BB9AF-E0A8-4F15-9425-4627C3751F48}
[2013/03/14 21:29:03 | 000,020,480 | ---- | C] (Microsoft Corporation) – C:\Windows\svchost.exe
[2013/03/14 20:54:51 | 000,000,000 | ---D | C] – C:\Users\Zach\Desktop\League of Legends
[2013/03/14 20:52:27 | 000,000,000 | ---D | C] – C:\Users\Zach.swt
[2013/03/14 18:56:47 | 000,000,000 | ---D | C] – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/03/14 18:56:45 | 000,024,176 | ---- | C] (Malwarebytes Corporation) – C:\Windows\SysNative\drivers\mbam.sys
[2013/03/14 18:56:45 | 000,000,000 | ---D | C] – C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/03/14 11:40:10 | 000,000,000 | ---D | C] – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/03/14 11:40:08 | 000,033,400 | ---- | C] (AVAST Software) – C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/03/14 11:40:07 | 000,377,920 | ---- | C] (AVAST Software) – C:\Windows\SysNative\drivers\aswSP.sys
[2013/03/14 11:40:02 | 000,070,992 | ---- | C] (AVAST Software) – C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/03/14 11:40:00 | 000,068,920 | ---- | C] (AVAST Software) – C:\Windows\SysNative\drivers\aswTdi.sys
[2013/03/14 11:39:56 | 001,025,808 | ---- | C] (AVAST Software) – C:\Windows\SysNative\drivers\aswSnx.sys
[2013/03/14 11:39:36 | 000,287,840 | ---- | C] (AVAST Software) – C:\Windows\SysNative\aswBoot.exe
[2013/03/14 11:39:36 | 000,080,816 | ---- | C] (AVAST Software) – C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/03/14 11:38:50 | 000,041,664 | ---- | C] (AVAST Software) – C:\Windows\avastSS.scr
[2013/03/14 11:38:36 | 000,000,000 | ---D | C] – C:\Program Files\AVAST Software
[2013/03/14 11:37:33 | 000,000,000 | ---D | C] – C:\ProgramData\AVAST Software
[2013/03/14 10:48:52 | 000,000,000 | ---D | C] – C:\Program Files (x86)\Mozilla Firefox
[2013/03/14 10:27:57 | 000,000,000 | ---D | C] – C:\Users\Zach\AppData\Local{BD86B430-82D7-480F-908A-F878EAA84C84}
[2013/03/14 10:21:45 | 000,000,000 | ---D | C] – C:\Windows\Minidump
[2013/03/14 10:20:00 | 000,000,000 | ---D | C] – C:\Users\Zach\AppData\Local{7B1A82A4-35A6-43E8-8332-DCD788822047}
[2013/03/13 13:48:09 | 000,000,000 | ---D | C] – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp
[2013/03/13 13:47:42 | 000,000,000 | ---D | C] – C:\Users\Zach\AppData\Roaming\AVG
[2013/03/13 13:44:24 | 000,000,000 | ---D | C] – C:\ProgramData\AVG
[2013/03/13 11:30:36 | 000,000,000 | ---D | C] – C:\Users\Zach\AppData\Local{D04EBAAE-4F05-40D6-9C38-D29FF96EE2DE}
[2013/03/13 00:46:06 | 000,000,000 | ---D | C] – C:\Program Files\Microsoft Silverlight
[2013/03/12 16:31:02 | 000,000,000 | ---D | C] – C:\Users\Zach\AppData\Local{553018D7-32C0-4E18-91B3-41B4BF2856FD}
[2013/03/11 21:31:59 | 000,000,000 | ---D | C] – C:\Users\Zach\AppData\Local{D8666B1C-6C80-453B-87EA-35AA2E28E953}
[2013/03/11 09:31:18 | 000,000,000 | ---D | C] – C:\Users\Zach\AppData\Local{6B989E7D-070C-49E2-A686-E6F9982ECA28}
[2013/03/10 09:19:09 | 000,000,000 | ---D | C] – C:\Users\Zach\AppData\Local{93795B27-3ED3-4006-99E8-4C07686A6F61}
[2013/03/09 09:44:59 | 000,000,000 | ---D | C] – C:\Users\Zach\AppData\Local{8DC93B6A-4FEE-4BF3-87E7-2ACC29B60411}
[2013/03/08 10:16:11 | 000,000,000 | ---D | C] – C:\Users\Zach\AppData\Local{290CD2F5-D1CF-43A8-90C4-DC8AD46D94F3}
[2013/03/07 07:58:55 | 000,000,000 | ---D | C] – C:\Users\Zach\AppData\Local{373D9A94-42F8-4289-B47E-EC20AE55D005}
[2013/03/06 21:08:36 | 000,000,000 | ---D | C] – C:\Users\Zach\AppData\Roaming\TS3Client
[2013/03/06 21:08:01 | 000,000,000 | ---D | C] – C:\Program Files (x86)\TeamSpeak 3 Client
[2013/03/06 09:20:58 | 000,000,000 | ---D | C] – C:\Users\Zach\AppData\Local{992F75FA-0D9B-4A58-81A8-FD8516B933A2}
[2013/03/05 08:41:37 | 000,000,000 | ---D | C] – C:\Users\Zach\AppData\Local{C294CEBE-9F7D-4E61-B197-22493B65CA29}
[2013/03/04 15:30:38 | 000,000,000 | ---D | C] – C:\Users\Zach\AppData\Local{DC679E23-F259-4F23-9192-EA187724D48C}
[2013/03/02 10:08:54 | 000,000,000 | ---D | C] – C:\Users\Zach\AppData\Local{4CA1B9B6-990A-4BF2-97A3-3EA10E2E4D3A}
[2013/02/28 16:48:32 | 000,000,000 | ---D | C] – C:\Users\Zach\AppData\Local\SplitMediaLabs
[2013/02/28 16:32:18 | 000,000,000 | ---D | C] – C:\Users\Zach\AppData\Roaming\SplitMediaLabs
[2013/02/28 08:38:24 | 000,000,000 | ---D | C] – C:\Users\Zach\AppData\Local{4A51248D-6E63-4E71-B92E-91291BAC2107}
[2013/02/27 08:39:16 | 000,000,000 | ---D | C] – C:\Users\Zach\AppData\Local{BDD9642C-ECA9-4804-9065-9CE1E8BF3C3B}
[2013/02/26 08:38:05 | 000,000,000 | ---D | C] – C:\Users\Zach\AppData\Local{7E92C554-15BE-4E3C-97C9-79D6D559E3B8}
[2013/02/25 08:50:24 | 000,000,000 | ---D | C] – C:\Users\Zach\AppData\Local{E3F60607-7AFE-43C6-9268-47661EB0A466}
[2013/02/24 12:26:03 | 000,000,000 | ---D | C] – C:\Users\Zach\Desktop\Honor bot
[2013/02/23 21:04:39 | 000,000,000 | ---D | C] – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft Public Test
[2013/02/23 21:04:39 | 000,000,000 | ---D | C] – C:\Program Files (x86)\World of Warcraft Public Test
[2013/02/23 17:09:15 | 000,000,000 | ---D | C] – C:\Users\Zach\Desktop\Moms music
[2013/02/23 09:23:33 | 000,000,000 | ---D | C] – C:\Users\Zach\AppData\Local{C909C49A-C3C7-4FB6-B558-A3DA5528733D}
[2013/02/22 09:22:47 | 000,000,000 | ---D | C] – C:\Users\Zach\AppData\Local{6064744C-5AB1-4D2B-8B8F-5D3CC9F9E17A}
[2013/02/21 21:22:11 | 000,000,000 | ---D | C] – C:\Users\Zach\AppData\Local{53CE71CA-81A5-4456-A89E-B1EB80F245E7}
[2013/02/21 09:21:25 | 000,000,000 | ---D | C] – C:\Users\Zach\AppData\Local{B3941F16-832A-4679-94F4-8FA216E8C78C}
[2013/02/20 10:05:47 | 000,000,000 | ---D | C] – C:\Users\Zach\AppData\Local{6CF6DFC6-ED68-4086-B1B9-A6EE386EA5BC}
[2013/02/19 08:43:47 | 000,000,000 | ---D | C] – C:\Users\Zach\AppData\Local{E1C1ED54-079B-4E72-8A0A-C0A25E2043DB}
[2013/02/18 10:06:46 | 000,000,000 | ---D | C] – C:\Users\Zach\AppData\Local{38AAC44E-29F1-4290-9F08-7429F271E8D3}
[2013/02/17 08:45:14 | 000,000,000 | ---D | C] – C:\Users\Zach\AppData\Local{5AE4B6A1-0F00-40EC-BC60-5ED881F8506E}
[2013/02/15 08:53:19 | 000,000,000 | ---D | C] – C:\Users\Zach\AppData\Local{49D9DFF5-EACD-498D-B02B-945A25EF7102}
[2013/02/14 20:52:43 | 000,000,000 | ---D | C] – C:\Users\Zach\AppData\Local{6D7F962E-939E-4D2C-81C9-0E4DC9C6E352}
[2013/02/14 08:52:06 | 000,000,000 | ---D | C] – C:\Users\Zach\AppData\Local{3C62F6F1-0618-4529-A902-D01AD1A6C5F6}
[2013/02/14 08:40:54 | 000,000,000 | ---D | C] – C:\ProgramData\Belkin
[2013/02/14 00:03:36 | 000,096,768 | ---- | C] (Microsoft Corporation) – C:\Windows\SysNative\mshtmled.dll
[2013/02/14 00:03:36 | 000,073,216 | ---- | C] (Microsoft Corporation) – C:\Windows\SysWow64\mshtmled.dll
[2013/02/14 00:03:35 | 000,176,640 | ---- | C] (Microsoft Corporation) – C:\Windows\SysWow64\ieui.dll
[2013/02/14 00:03:32 | 000,248,320 | ---- | C] (Microsoft Corporation) – C:\Windows\SysNative\ieui.dll
[2013/02/14 00:03:32 | 000,231,936 | ---- | C] (Microsoft Corporation) – C:\Windows\SysWow64\url.dll
[2013/02/14 00:03:32 | 000,173,056 | ---- | C] (Microsoft Corporation) – C:\Windows\SysNative\ieUnatt.exe
[2013/02/14 00:03:32 | 000,142,848 | ---- | C] (Microsoft Corporation) – C:\Windows\SysWow64\ieUnatt.exe
[2013/02/14 00:03:31 | 001,494,528 | ---- | C] (Microsoft Corporation) – C:\Windows\SysNative\inetcpl.cpl
[2013/02/14 00:03:31 | 001,427,968 | ---- | C] (Microsoft Corporation) – C:\Windows\SysWow64\inetcpl.cpl
[2013/02/14 00:03:31 | 000,237,056 | ---- | C] (Microsoft Corporation) – C:\Windows\SysNative\url.dll
[2013/02/14 00:03:30 | 002,312,704 | ---- | C] (Microsoft Corporation) – C:\Windows\SysNative\jscript9.dll
[2013/02/14 00:03:30 | 000,729,088 | ---- | C] (Microsoft Corporation) – C:\Windows\SysNative\msfeeds.dll
[2013/02/14 00:03:28 | 000,816,640 | ---- | C] (Microsoft Corporation) – C:\Windows\SysNative\jscript.dll
[2013/02/14 00:03:28 | 000,717,824 | ---- | C] (Microsoft Corporation) – C:\Windows\SysWow64\jscript.dll
[2013/02/14 00:03:28 | 000,599,040 | ---- | C] (Microsoft Corporation) – C:\Windows\SysNative\vbscript.dll
[2013/02/13 20:51:30 | 000,000,000 | ---D | C] – C:\Users\Zach\AppData\Local{FF813D54-73E3-421E-BC01-B0CBCE174D79}
[2013/02/13 17:53:07 | 000,000,000 | ---D | C] – C:\ProgramData\Affinegy
[1 C:\Windows*.tmp files -> C:\Windows*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/03/15 11:22:02 | 000,000,904 | ---- | M] () – C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1328156809-3205407908-1351085036-1001UA.job
[2013/03/15 11:05:42 | 000,000,830 | ---- | M] () – C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/15 10:47:40 | 000,001,290 | ---- | M] () – C:\Users\Zach\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2013/03/15 10:47:40 | 000,001,266 | ---- | M] () – C:\Users\Zach\Desktop\Spybot - Search & Destroy.lnk
[2013/03/15 10:31:06 | 000,009,920 | -H-- | M] () – C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/15 10:31:06 | 000,009,920 | -H-- | M] () – C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/15 10:21:59 | 000,001,926 | ---- | M] () – C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/03/15 10:21:58 | 000,000,000 | ---- | M] () – C:\Windows\SysWow64\config.nt
[2013/03/15 10:21:08 | 000,067,584 | --S- | M] () – C:\Windows\bootstat.dat
[2013/03/15 10:21:03 | 525,438,151 | ---- | M] () – C:\Windows\MEMORY.DMP
[2013/03/15 10:21:00 | 3220,574,208 | -HS- | M] () – C:\hiberfil.sys
[2013/03/14 22:24:50 | 000,002,366 | ---- | M] () – C:\Users\Zach\Desktop\Google Chrome.lnk
[2013/03/14 18:56:47 | 000,001,117 | ---- | M] () – C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/14 17:03:31 | 000,780,156 | ---- | M] () – C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/14 17:03:31 | 000,660,732 | ---- | M] () – C:\Windows\SysNative\perfh009.dat
[2013/03/14 17:03:31 | 000,121,402 | ---- | M] () – C:\Windows\SysNative\perfc009.dat
[2013/03/14 12:51:08 | 000,002,052 | ---- | M] () – C:\Users\Zach\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/03/14 11:05:39 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) – C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/03/14 11:05:39 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) – C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/03/14 10:36:07 | 000,000,969 | ---- | M] () – C:\Users\Public\Desktop\AVG 2013.lnk
[2013/03/08 17:31:19 | 000,001,105 | ---- | M] () – C:\Users\Zach\Desktop\config-cache.wtf
[2013/03/06 18:33:21 | 001,025,808 | ---- | M] (AVAST Software) – C:\Windows\SysNative\drivers\aswSnx.sys
[2013/03/06 18:33:21 | 000,377,920 | ---- | M] (AVAST Software) – C:\Windows\SysNative\drivers\aswSP.sys
[2013/03/06 18:33:21 | 000,178,624 | ---- | M] () – C:\Windows\SysNative\drivers\aswVmm.sys
[2013/03/06 18:33:21 | 000,070,992 | ---- | M] (AVAST Software) – C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/03/06 18:33:21 | 000,068,920 | ---- | M] (AVAST Software) – C:\Windows\SysNative\drivers\aswTdi.sys
[2013/03/06 18:33:21 | 000,065,336 | ---- | M] () – C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/03/06 18:33:20 | 000,080,816 | ---- | M] (AVAST Software) – C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/03/06 18:33:20 | 000,033,400 | ---- | M] (AVAST Software) – C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/03/06 18:32:51 | 000,041,664 | ---- | M] (AVAST Software) – C:\Windows\avastSS.scr
[2013/03/06 18:32:22 | 000,287,840 | ---- | M] (AVAST Software) – C:\Windows\SysNative\aswBoot.exe
[2013/02/27 09:22:00 | 000,000,852 | ---- | M] () – C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1328156809-3205407908-1351085036-1001Core.job
[2013/02/24 12:38:40 | 000,001,599 | ---- | M] () – C:\Users\Zach\Desktop[H+A][V+M]85-90 3Mil EXP Virmen Nest V3.xml
[2013/02/24 12:18:41 | 007,977,857 | ---- | M] () – C:\Users\Zach\Desktop\Honorbuddy 2.5.6805.535.zip
[2013/02/23 21:04:44 | 000,001,414 | ---- | M] () – C:\Users\Public\Desktop\World of Warcraft Public Test.lnk
[2013/02/23 17:33:09 | 000,265,264 | ---- | M] () – C:\Users\Zach\Desktop\IMG_0287.JPG
[2013/02/23 17:02:53 | 006,683,434 | ---- | M] () – C:\Users\Zach\Desktop\06 Santeria.m4a
[2013/02/18 20:07:11 | 000,039,768 | ---- | M] (AVG Technologies) – C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/02/14 08:01:57 | 000,275,712 | ---- | M] () – C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows*.tmp files -> C:\Windows*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/15 10:47:40 | 000,001,290 | ---- | C] () – C:\Users\Zach\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2013/03/15 10:47:40 | 000,001,266 | ---- | C] () – C:\Users\Zach\Desktop\Spybot - Search & Destroy.lnk
[2013/03/14 18:56:47 | 000,001,117 | ---- | C] () – C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/14 11:40:10 | 000,001,926 | ---- | C] () – C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/03/14 11:39:47 | 000,178,624 | ---- | C] () – C:\Windows\SysNative\drivers\aswVmm.sys
[2013/03/14 11:39:44 | 000,065,336 | ---- | C] () – C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/03/14 11:39:36 | 000,000,000 | ---- | C] () – C:\Windows\SysWow64\config.nt
[2013/03/14 10:21:43 | 525,438,151 | ---- | C] () – C:\Windows\MEMORY.DMP
[2013/03/08 17:58:45 | 000,001,105 | ---- | C] () – C:\Users\Zach\Desktop\config-cache.wtf
[2013/02/24 12:38:40 | 000,001,599 | ---- | C] () – C:\Users\Zach\Desktop[H+A][V+M]85-90 3Mil EXP Virmen Nest V3.xml
[2013/02/24 12:18:33 | 007,977,857 | ---- | C] () – C:\Users\Zach\Desktop\Honorbuddy 2.5.6805.535.zip
[2013/02/23 21:04:39 | 000,001,414 | ---- | C] () – C:\Users\Public\Desktop\World of Warcraft Public Test.lnk
[2013/02/23 17:33:09 | 000,265,264 | ---- | C] () – C:\Users\Zach\Desktop\IMG_0287.JPG
[2013/02/23 17:03:50 | 005,023,715 | ---- | C] () – C:\Users\Zach\Desktop\Travis Barker - Let's Go-[www_flvto_com].mp3
[2013/02/23 17:03:06 | 006,683,434 | ---- | C] () – C:\Users\Zach\Desktop\06 Santeria.m4a
[2013/02/23 17:01:35 | 007,619,321 | ---- | C] () – C:\Users\Zach\Desktop\04 - Electric Feel.mp3
[2013/02/23 17:01:04 | 008,325,732 | ---- | C] () – C:\Users\Zach\Desktop\01 Cupid's Chokehold _ Breakfast in.m4a
[2013/02/23 17:00:04 | 008,777,866 | ---- | C] () – C:\Users\Zach\Desktop\03 Ni__as In Paris.mp3
[2013/02/23 16:55:44 | 006,233,758 | ---- | C] () – C:\Users\Zach\Desktop\20 Shake That (Remix).m4a
[2012/11/26 13:49:13 | 000,270,240 | ---- | C] () – C:\Windows\SysWow64\PnkBstrB.exe
[2012/11/26 13:49:10 | 000,075,136 | ---- | C] () – C:\Windows\SysWow64\PnkBstrA.exe
[2012/08/28 12:58:42 | 000,000,048 | ---- | C] () – C:\Users\Zach\jagex_cl_runescape_LIVE_BETA.dat
[2012/08/28 12:58:42 | 000,000,024 | ---- | C] () – C:\Users\Zach\random.dat
[2012/02/21 13:16:52 | 000,000,044 | ---- | C] () – C:\Users\Zach\jagex_cl_runescape_LIVE1.dat
[2011/12/25 16:20:46 | 000,109,016 | -H-- | C] () – C:\Windows\SysWow64\mlfcache.dat
[2011/11/27 22:59:59 | 000,000,032 | ---- | C] () – C:\Users\Zach\jagex_cl_runescape_LIVE.dat
[2011/09/02 22:23:59 | 000,000,024 | ---- | C] () – C:\Users\Zach\jagexappletviewer.preferences
[2011/06/16 23:08:45 | 000,000,095 | ---- | C] () – C:\Users\Zach\AppData\Roaming\RSBuddy_redsox244.ini
[2011/06/15 14:21:27 | 000,000,010 | ---- | C] () – C:\Users\Zach\AppData\Roaming\RSBuddy Login.ini
[2011/06/14 23:11:38 | 000,000,170 | ---- | C] () – C:\Users\Zach\AppData\Roaming\RSBuddy_bigpapi567.ini
[2011/05/29 16:38:51 | 000,773,880 | ---- | C] () – C:\Windows\SysWow64\PerfStringBackup.INI
[2011/05/23 12:14:00 | 000,000,045 | ---- | C] () – C:\Users\Zach\AppData\Roaming\RSBot_Accounts.ini
[2011/04/23 16:10:56 | 000,006,144 | ---- | C] () – C:\Users\Zach\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/01 21:21:38 | 000,000,129 | ---- | C] () – C:\Users\Zach\jagex_runescape_preferences2.dat
[2011/04/01 21:20:29 | 000,000,035 | ---- | C] () – C:\Users\Zach\jagex_runescape_preferences.dat

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () – C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll – [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll – [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll – [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll – [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll – [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2009/07/13 21:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] – C:\Windows\SysNative\aelupsvc.dll – (AeLookupSvc)
SRV:64bit: - [2010/11/20 09:25:40 | 000,070,656 | ---- | M] (Microsoft Corporation) [On_Demand | Running] – C:\Windows\SysNative\appinfo.dll – (Appinfo)
SRV:64bit: - [2009/07/13 21:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\SysNative\alg.exe – (ALG)
SRV:64bit: - [2010/11/20 09:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\qmgr.dll – (BITS)
SRV:64bit: - [2010/11/20 09:25:45 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\BFE.DLL – (BFE)
SRV:64bit: - [2011/11/17 02:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] – C:\Windows\SysNative\lsass.exe – (KeyIso)
SRV:64bit: - [2009/07/13 21:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\es.dll – (EventSystem)
SRV - [2009/07/13 21:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysWOW64\es.dll – (EventSystem)
SRV:64bit: - [2012/07/04 18:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] – C:\Windows\SysNative\browser.dll – (Browser)
SRV:64bit: - [2012/06/02 01:41:28 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\cryptsvc.dll – (CryptSvc)

< End of report >

Just now seeing your post about attaching, I'll do that.

OK, you appear to have missed my attach post; never mind, it has boosted your post count ;D
But there was sufficient data there for me to see where to go

Download the latest version of TDSSKiller from here and save it to your Desktop.

[*]Double-click on TDSSKiller.exe to run the application

https://dl.dropbox.com/u/73555776/tdss%20start.JPG

[*]Then click on Change parameters.

https://dl.dropbox.com/u/73555776/tdss%20Change%20param.JPG

[*]Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

[*]Click the Start Scan button.

[*]If a suspicious object is detected, the default action will be Skip, click on Continue.

https://dl.dropbox.com/u/73555776/tdss%20threat.JPG

[*]If malicious objects are found, they will show in the Scan results and offer three (3) options.
[*]Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

[*]Get the report by selecting Reports

https://dl.dropbox.com/u/73555776/tdss%20report.JPG

[*]Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

Please attach its contents on your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

[*]Double click on ComboFix.exe & follow the prompts.
[*]Accept the disclaimer and allow it to update if it asks

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

[*]When finished, it shall produce a log for you.
[*]Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
  2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.