Trojan Horse in my Windows directory, read only so I cannot move to chest

Hello, I seem to have a virus in C:\Windows\System32\services.exe of High severity; it is a Win32:Sirefef-ZT Trojan Horse. Avast is currently stopping it from infecting the rest of my computer, but I need help removing it for good. It is read only and I can’t find the file to remove the read only status. Thanks for your help.

I managed to find the file, but it isn’t checked as read-only so I’m not sure how to allow avast to move it to chest. Also, the virus is keeping Windows Security Center from starting.

A malware removal specialist has been informed of your topic.

There may be some delay due to differing time zones and availability of the volunteer malware removal specialists.

I appreciate the update and any help I can get.

Hi Drejer, welcome to the forum.

To make cleaning this machine easier:
[*]Please do not uninstall/install any programs unless asked to
It is more difficult when files/programs are appearing in/disappearing from the logs.
[*]Please do not run any scans other than those requested
[*]Please follow all instructions in the order posted
[*]All logs/reports, etc… must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, and uncheck Word Wrap if it is checked.
[*]Do not attach any logs/reports, etc… unless specifically requested to do so.
[*]If you have problems with or do not understand the instructions, Please ask before continuing.
[*]Please stay with this thread until given the All Clear. An absence of symptoms does not mean a clean machine.

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it. If asked to download Avast’s database please do so.

Click the “Scan” button to start the scan.

http://public.avast.com/~gmerek/aswMBR1.png

On completion of the scan click Save log, save it to your desktop and post it in your next reply.

http://public.avast.com/~gmerek/aswMBR2.png

There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

Next

Download OTL to your desktop.

[*]Right click on OTL.exe and click “Run as Administrator” to run it. Make sure all other windows are closed and to let it run uninterrupted.
[*]When the window appears, underneath Output at the top change it to Minimal Output
[*]Check the boxes beside LOP Check and Purity Check.
[*]In the window under Custom Scans/Fixes copy and paste the following

[B]
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
dir C:\ /S /A:L /C
CREATERESTOREPOINT

[/B]
[*]Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

Please post back with
[*]aswMBR log
[*]both OTL logs
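Reading an OTL log of the kind requested above is mostly pattern-matching: binaries in system locations with no publisher, modules reached through raw device paths, Winsock catalog entries whose DLL is missing, orphaned autostarts and hosts overrides. The script below is an added example (not from this thread, from Avast or from OTL) that applies those checks to a few lines copied from the log posted in this thread; it assumes OTL's line layout as seen there and is a triage aid, not a verdict.

```python
"""Triage checks for an OTL log, modelled on what a malware-removal helper looks for by eye."""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: a few lines copied from the OTL log posted in this thread (with OTL's
# original "--" separators and "\\?\" prefixes restored), plus benign lines for contrast.
SAMPLE_LOG = r"""
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
MOD - \\?\globalroot\systemroot\syswow64\mswsock.DLL ()
MOD - \\.\globalroot\systemroot\syswow64\mswsock.dll ()
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
O1 - Hosts: 127.0.0.1 launcher01.kalypsomedia.com
O2 - BHO: (TBSB01620 Class) - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O4 - HKLM..\Run: File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
"""


@dataclass(frozen=True)
class Finding:
    kind: str      # short tag for the check that fired
    severity: str  # "high": act on it; "review": confirm by hand before deciding
    line: str      # the OTL line that triggered the check
    reason: str


# Line shapes assumed from the OTL format as it appears in this thread's log.
COMPONENT_RE = re.compile(
    r'^(PRC|MOD|SRV|DRV)(?::64bit:)? - (?:\([^)]*\) [-\u2013]+ )?(.+) \(([^()]*)\)$')
ADDON_RE = re.compile(r'^O[23](?::64bit:)? - ')
PATH_COMPANY_RE = re.compile(r'^(.+) \(([^()]*)\)$')
HOSTS_RE = re.compile(r'^O1 - Hosts: (\S+) (\S+)$')
SYSTEM_DIR_RE = re.compile(r'\\Windows\\', re.IGNORECASE)
# Raw device paths (\\?\ or \\.\, or anything under globalroot) are not how normal
# modules are loaded; rootkits use them to hide the real on-disk location.
DEVICE_PATH_RE = re.compile(r'^\\\\[?.]\\|globalroot', re.IGNORECASE)


def triage(log_text: str) -> List[Finding]:
    """Run every check over each line of an OTL log and return what fired."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith('File not found'):
            section = line.split(' ', 1)[0]  # e.g. "O4", "O10:64bit:"
            if section.startswith('O10'):
                findings.append(Finding('winsock-lsp-orphan', 'high', line,
                    'Winsock catalog entry points at a DLL that is gone; this breaks networking '
                    'and is a typical leftover of an LSP-hijacking infection'))
            else:
                findings.append(Finding('orphaned-autostart', 'review', line,
                    'autostart or notify entry references a file that no longer exists'))
            continue
        m = COMPONENT_RE.match(line)
        if m:
            path, company = m.group(2), m.group(3).strip()
            if DEVICE_PATH_RE.search(path):
                findings.append(Finding('device-path-module', 'high', line,
                    'module loaded through a raw device path with no publisher; compare the '
                    'on-disk copy of this system DLL against a known-good one'))
            elif not company and SYSTEM_DIR_RE.search(path):
                findings.append(Finding('system-binary-no-publisher', 'review', line,
                    'binary under the Windows directory carries no company name; verify its '
                    'signature and hash before trusting it'))
            continue
        if ADDON_RE.match(line):
            tail = line.rsplit(' - ', 1)[-1]  # the "path (company)" part at the end
            pm = PATH_COMPANY_RE.match(tail)
            if pm and not pm.group(2).strip():
                findings.append(Finding('browser-addon-no-publisher', 'review', line,
                    'BHO or toolbar with no publisher; often adware bundled with other installs'))
            continue
        hm = HOSTS_RE.match(line)
        if hm and hm.group(2).lower() != 'localhost':
            findings.append(Finding('hosts-override', 'review', line,
                'hosts file redirects %s to %s; confirm the user added it deliberately'
                % (hm.group(2), hm.group(1))))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per kind, which is what a helper wants to glance at first."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print('[%s] %s: %s\n    %s' % (f.severity.upper(), f.kind, f.line, f.reason))
```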

OTL logfile created on: 5/27/2013 10:46:34 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dondreius\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 50.02% Memory free
12.00 Gb Paging File | 8.56 Gb Available in Paging File | 71.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.66 Gb Total Space | 355.57 Gb Free Space | 38.75% Space Free | Partition Type: NTFS

Computer Name: DONDREIUS-PC | User Name: Dondreius | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Dondreius\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Dondreius\Desktop\aswMBR.exe (AVAST Software)
PRC - C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.21\deploy\LolClient.exe ()
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Razer USA Ltd)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe ()
PRC - C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.160\deploy\LoLLauncher.exe ()
PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (StarWind Software)

========== Modules (No Company Name) ==========

MOD - C:\Program Files\AVAST Software\Avast\defs\13052701\algo.dll ()
MOD - C:\Users\Dondreius\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\Dondreius\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll ()
MOD - C:\Users\Dondreius\AppData\Local\Google\Chrome\Application\27.0.1453.94\libglesv2.dll ()
MOD - C:\Users\Dondreius\AppData\Local\Google\Chrome\Application\27.0.1453.94\libegl.dll ()
MOD - C:\Users\Dondreius\AppData\Local\Google\Chrome\Application\27.0.1453.94\ffmpegsumo.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\019ed4a55ecc7d1f5b933c27970dce9b\System.Runtime.DurableInstancing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\2609614ca03927f7a99418c74844059b\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\8732d692f02402dbd81280b0d3c4f6a9\System.Xml.Linq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a9594959e951127f16eb49644ba92f79\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\7cfbbd029ef945fbcdaedd24b2b67a24\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\153143f74d840484b510d8cf5187796b\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\2f9e0112e10f9e70d3430d0be9863976\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\af18b8a8f56494da44cc448f3b9704a5\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\233661f3a2b632e9553915c8639637d0\System.Configuration.ni.dll ()
MOD - C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.21\deploy\LolClient.exe ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\ac9e3eca6c148504588e7c6d09fe83e3\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\ef7642a4f2724135d445e2ea36582e78\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\82f376255a9523982c52cf58b13268d3\PresentationFramework.Classic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll ()
MOD - C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe ()
MOD - C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.160\deploy\LoLLauncher.exe ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll ()
MOD - \\?\globalroot\systemroot\syswow64\mswsock.DLL ()
MOD - \\.\globalroot\systemroot\syswow64\mswsock.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (avast! Antivirus) – C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (AMD FUEL Service) – C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (AMD External Events Utility) – C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (!SASCORE) – C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV - (AdobeFlashPlayerUpdateSvc) – C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) – C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (SkypeUpdate) – C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) – C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (PnkBstrA) – C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (MozillaMaintenance) – C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (UMVPFSrv) – C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (AxAutoMntSrv) – C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe (Alcohol Soft Development Team)
SRV - (sftvsa) – C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) – C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (AODService) – C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe ()
SRV - (GoToAssist) – C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (RoxWatch12) – C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions)
SRV - (RoxMediaDB12OEM) – C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions)
SRV - (clr_optimization_v4.0.30319_32) – C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (StarWindServiceAE) – C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (StarWind Software)
SRV - (clr_optimization_v2.0.50727_32) – C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (aswSnx) – C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) – C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswVmm) – C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswRdr) – C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswRvrt) – C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswTdi) – C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) – C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) – C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (rzudd) – C:\Windows\SysNative\drivers\rzudd.sys (Razer USA Ltd)
DRV:64bit: - (sptd) – C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (atikmdag) – C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdag) – C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) – C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) – C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (RdpVideoMiniport) – C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) – C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (AODDriver4.2) – C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV:64bit: - (AODDriver4.01) – C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV:64bit: - (Fs_Rec) – C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (LVUVC64) – C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) – C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (Sftvol) – C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) – C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) – C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) – C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (SASDIFSV) – C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) – C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (amdsata) – C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) – C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) – C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (PxHlpa64) – C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (amdiox64) – C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (AtiHdmiService) – C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (xusb21) – C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (k57nd60a) – C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (amdsbs) – C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) – C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) – C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) – C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) – C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) – C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) – C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) – C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (AtiPcie) – C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (WimFltr) – C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (WIMMount) – C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Dondreius\AppData\Local\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Dondreius\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Dondreius\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Java™ Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Happy Cloud Plugin (Enabled) = C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Dondreius\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Dondreius\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Raidcall plugin (Enabled) = C:\Users\Dondreius\AppData\Roaming\raidcall\plugins\nprcplugin.dll
CHR - plugin: Shockwave for Director (Disabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\Dondreius\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR - Extension: South Park = C:\Users\Dondreius\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoiakcboakkfknbginpmpfkcdmcmpnfm\1.6_0
CHR - Extension: Google Drive = C:\Users\Dondreius\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR - Extension: YouTube = C:\Users\Dondreius\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR - Extension: Adblock Plus = C:\Users\Dondreius\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4_0
CHR - Extension: Google Search = C:\Users\Dondreius\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR - Extension: AdBlock = C:\Users\Dondreius\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0
CHR - Extension: avast! Online Security = C:\Users\Dondreius\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.6_0
CHR - Extension: Reddit Enhancement Suite = C:\Users\Dondreius\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.2.0.1_0
CHR - Extension: ScriptSafe = C:\Users\Dondreius\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf\1.0.6.13_0
CHR - Extension: Gmail = C:\Users\Dondreius\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR - Extension: League Streams = C:\Users\Dondreius\AppData\Local\Google\Chrome\User Data\Default\Extensions\plbfmpfcbppeepkmbgphjpgldpgglbob\1.1.7_0\

O1 HOSTS File: ([2013/03/09 03:56:12 | 000,000,863 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 launcher01.kalypsomedia.com
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (TBSB01620 Class) - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM..\Toolbar: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O3 - HKLM..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU..\Toolbar\WebBrowser: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O4:64bit: - HKLM…\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
O4:64bit: - HKLM…\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM…\Run: File not found
O4 - HKLM…\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM…\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM…\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM…\Run: [Razer Synapse] C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Razer USA Ltd)
O4 - HKLM…\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM…\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU…\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKCU…\Run: [PlayNC Launcher] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU..Trusted Domains: clonewarsadventures.com (* in Trusted sites)
O15 - HKCU..Trusted Domains: freerealms.com (* in Trusted sites)
O15 - HKCU..Trusted Domains: soe.com (* in Trusted sites)
O15 - HKCU..Trusted Domains: sony.com (* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} C:\Users\DONDRE~1\AppData\Local\Temp\f5tmp\f5tunsrv.cab (F5 Networks Dynamic Application Tunnel Control)
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} C:\Users\DONDRE~1\AppData\Local\Temp\IXP000.TMP\InstallerControl.cab#-1,-1,-1,-1 (F5 Networks Auto Update)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {E07939AA-05BA-42D3-AD20-5DCC46459BEA} http://www.cyphers.co.kr/object/cyphers_real.cab (CNeopleInstallAXCtlCy1 Object)
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} C:\Users\DONDRE~1\AppData\Local\Temp\f5tmp\urxhost.cab (F5 Networks Host Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces{20373D08-50DF-43E3-AD48-C28687422CCB}: DhcpNameServer = 192.168.1.1 71.252.0.12
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk )
O35:64bit: - HKLM..comfile [open] – “%1” %*
O35:64bit: - HKLM..exefile [open] – “%1” %*
O35 - HKLM..comfile [open] – “%1” %*
O35 - HKLM..exefile [open] – “%1” %*
O37:64bit: - HKLM.…com [@ = comfile] – “%1” %*
O37:64bit: - HKLM.…exe [@ = exefile] – “%1” %*
O37 - HKLM.…com [@ = comfile] – “%1” %*
O37 - HKLM.…exe [@ = exefile] – “%1” %*
O38 - SubSystems\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/05/27 22:44:26 | 000,602,112 | ---- | C] (OldTimer Tools) – C:\Users\Dondreius\Desktop\OTL.exe
[2013/05/27 21:47:36 | 004,745,728 | ---- | C] (AVAST Software) – C:\Users\Dondreius\Desktop\aswMBR.exe
[2013/05/26 23:32:40 | 000,000,000 | —D | C] – C:\Users\Dondreius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\x264 Video Codec
[2013/05/26 23:32:36 | 000,000,000 | —D | C] – C:\Program Files (x86)\x264 Video Codec
[2013/05/25 22:09:11 | 000,000,000 | —D | C] – C:\Users\Dondreius\AppData\Roaming\vlc
[2013/05/25 21:59:19 | 000,000,000 | —D | C] – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/05/25 21:58:54 | 000,000,000 | —D | C] – C:\Program Files (x86)\VideoLAN
[2013/05/25 08:41:03 | 000,000,000 | —D | C] – C:\Program Files (x86)\Common Files\Java
[2013/05/25 08:40:52 | 000,174,496 | ---- | C] (Oracle Corporation) – C:\Windows\SysWow64\javaw.exe
[2013/05/25 08:40:52 | 000,174,496 | ---- | C] (Oracle Corporation) – C:\Windows\SysWow64\java.exe
[2013/05/25 08:40:52 | 000,095,648 | ---- | C] (Oracle Corporation) – C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/05/20 00:59:49 | 000,000,000 | —D | C] – C:\Users\Dondreius\Documents\CAPCOM
[2013/05/20 00:34:35 | 000,000,000 | —D | C] – C:\Program Files (x86)\Capcom
[2013/05/16 08:09:12 | 001,930,752 | ---- | C] (Microsoft Corporation) – C:\Windows\SysNative\authui.dll
[2013/05/16 08:09:12 | 000,197,120 | ---- | C] (Microsoft Corporation) – C:\Windows\SysNative\shdocvw.dll
[2013/05/16 08:09:10 | 001,796,096 | ---- | C] (Microsoft Corporation) – C:\Windows\SysWow64\authui.dll
[2013/05/16 08:09:10 | 000,111,448 | ---- | C] (Microsoft Corporation) – C:\Windows\SysNative\consent.exe
[2013/05/16 08:08:58 | 000,265,064 | ---- | C] (Microsoft Corporation) – C:\Windows\SysNative\drivers\dxgmms1.sys
[2013/05/16 08:08:58 | 000,144,384 | ---- | C] (Microsoft Corporation) – C:\Windows\SysNative\cdd.dll
[2013/05/16 08:08:57 | 000,048,640 | ---- | C] (Microsoft Corporation) – C:\Windows\SysNative\wwanprotdim.dll
[2013/05/15 12:45:37 | 000,000,000 | —D | C] – C:\Users\Dondreius\Documents\InfiniteCrisis
[2013/05/15 12:45:35 | 000,000,000 | —D | C] – C:\Users\Dondreius\AppData\Local\InfiniteCrisis
[2013/05/15 11:51:49 | 000,000,000 | —D | C] – C:\ProgramData\Turbine
[2013/05/15 11:14:37 | 000,000,000 | —D | C] – C:\Users\Dondreius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Infinite Crisis
[2013/05/15 11:14:34 | 000,000,000 | —D | C] – C:\Program Files (x86)\InfiniteCrisis
[2013/05/12 22:06:51 | 000,000,000 | —D | C] – C:\Users\Dondreius\AppData\Roaming\3909 LLC
[2013/05/07 09:00:10 | 000,000,000 | —D | C] – C:\Users\Dondreius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Razer
[2013/05/03 22:53:42 | 000,000,000 | —D | C] – C:\Users\Dondreius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2011/06/16 23:10:53 | 000,114,120 | ---- | C] (Neople) – C:\Users\Dondreius\AppData\Local\CyphersLogInAgent.exe
[2 C:\Windows\*.tmp files → C:\Windows\*.tmp → ]
[1 C:\Users\Dondreius\Desktop\*.tmp files → C:\Users\Dondreius\Desktop\*.tmp → ]

========== Files - Modified Within 30 Days ==========

[2013/05/27 22:44:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dondreius\Desktop\OTL.exe
[2013/05/27 22:24:53 | 000,000,570 | ---- | M] () -- C:\Users\Dondreius\Desktop\MBR.zip
[2013/05/27 22:24:29 | 000,000,512 | ---- | M] () -- C:\Users\Dondreius\Desktop\MBR.dat
[2013/05/27 22:23:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/27 21:53:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-378408495-2378744050-2952221486-1001UA.job
[2013/05/27 21:46:39 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Dondreius\Desktop\aswMBR.exe
[2013/05/27 18:29:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/27 14:18:20 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-378408495-2378744050-2952221486-1001Core.job
[2013/05/27 10:52:21 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/27 10:52:21 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/27 00:34:10 | 536,063,999 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/25 08:10:12 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/05/23 19:55:10 | 000,064,586 | ---- | M] () -- C:\Users\Dondreius\Documents\Elements Mono Entropy deck.jpg
[2013/05/20 00:31:38 | 000,000,784 | ---- | M] () -- C:\Users\Dondreius\Documents\ax_files.xml
[2013/05/17 07:57:00 | 000,343,664 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/05/16 08:13:41 | 000,807,422 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/05/16 08:13:41 | 000,669,516 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/05/16 08:13:41 | 000,125,444 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/05/15 13:23:12 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/05/15 13:23:12 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/05/13 10:07:30 | 000,196,297 | ---- | M] () -- C:\Users\Dondreius\Documents\Contact Prescription.jpg
[2013/05/09 04:59:07 | 001,025,808 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/05/09 04:59:07 | 000,378,432 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/05/09 04:59:07 | 000,189,936 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/05/09 04:59:07 | 000,072,016 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/05/09 04:59:07 | 000,065,336 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/05/09 04:59:07 | 000,064,288 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/05/09 04:59:06 | 000,080,816 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/05/09 04:59:06 | 000,033,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/05/09 04:58:37 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/05/09 04:58:11 | 000,287,840 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/05/07 09:30:23 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUSB_01005.Wdf
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Dondreius\Desktop\*.tmp files -> C:\Users\Dondreius\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/05/27 22:24:53 | 000,000,570 | ---- | C] () -- C:\Users\Dondreius\Desktop\MBR.zip
[2013/05/27 22:24:29 | 000,000,512 | ---- | C] () -- C:\Users\Dondreius\Desktop\MBR.dat
[2013/05/23 19:55:10 | 000,064,586 | ---- | C] () -- C:\Users\Dondreius\Documents\Elements Mono Entropy deck.jpg
[2013/05/13 10:07:30 | 000,196,297 | ---- | C] () -- C:\Users\Dondreius\Documents\Contact Prescription.jpg
[2013/05/07 09:30:23 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUSB_01005.Wdf
[2013/02/27 22:53:29 | 000,000,000 | ---- | C] () -- C:\Users\Dondreius\__ng3d.lock
[2012/12/07 15:12:17 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/12/07 15:12:15 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/12/07 15:12:14 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2012/11/26 10:35:50 | 000,000,218 | ---- | C] () -- C:\Users\Dondreius\AppData\Local\recently-used.xbel
[2012/10/17 09:54:41 | 000,003,153 | ---- | C] () -- C:\Program Files\visit-nosteam.ro.html
[2012/10/17 09:54:41 | 000,000,081 | ---- | C] () -- C:\Program Files\update-walking-dead.bat
[2012/06/12 14:25:51 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2012/05/02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/03/01 11:49:05 | 000,000,000 | ---- | C] () -- C:\Windows\f5unistall.INI
[2012/02/14 22:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/02/14 22:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/01/18 02:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 02:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 02:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/12/21 10:07:19 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/12/01 01:18:58 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/07/20 08:13:04 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/05/17 14:41:25 | 000,000,097 | ---- | C] () -- C:\Users\Dondreius\AppData\Local\fusioncache.dat
[2011/05/16 13:16:51 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2011/11/17 02:41:18 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{c8532fdb-1754-d652-011a-6179c2f172de}\@
[2011/11/17 02:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{c8532fdb-1754-d652-011a-6179c2f172de}\L
[2013/05/27 22:51:16 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{c8532fdb-1754-d652-011a-6179c2f172de}\U
[2013/05/27 10:44:21 | 000,002,048 | ---- | M] () -- C:\Windows\Installer\{c8532fdb-1754-d652-011a-6179c2f172de}\U\00000004.@
[2013/05/26 23:34:17 | 000,001,024 | ---- | M] () -- C:\Windows\Installer\{c8532fdb-1754-d652-011a-6179c2f172de}\U\00000008.@
[2013/05/27 10:44:22 | 000,015,360 | ---- | M] () -- C:\Windows\Installer\{c8532fdb-1754-d652-011a-6179c2f172de}\U\80000000.@
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[2013/05/27 10:44:03 | 000,004,608 | -HS- | M] () -- C:\Windows\assembly\GAC_32\Desktop.ini
[2013/05/27 10:44:03 | 000,006,144 | -HS- | M] () -- C:\Windows\assembly\GAC_64\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/10/22 08:03:18 | 000,000,000 | ---D | M] -- C:\Users\Dondreius\AppData\Roaming\.minecraft
[2013/04/21 18:27:11 | 000,000,000 | ---D | M] -- C:\Users\Dondreius\AppData\Roaming\.mono
[2013/05/12 22:06:51 | 000,000,000 | ---D | M] -- C:\Users\Dondreius\AppData\Roaming\3909 LLC
[2012/05/20 23:14:48 | 000,000,000 | ---D | M] -- C:\Users\Dondreius\AppData\Roaming\Applian FLV and Media Player
[2012/01/15 01:00:46 | 000,000,000 | ---D | M] -- C:\Users\Dondreius\AppData\Roaming\Audacity
[2011/05/16 12:58:01 | 000,000,000 | ---D | M] -- C:\Users\Dondreius\AppData\Roaming\AVG10
[2012/06/07 20:23:07 | 000,000,000 | ---D | M] -- C:\Users\Dondreius\AppData\Roaming\Bioshock
[2012/06/11 12:17:08 | 000,000,000 | ---D | M] -- C:\Users\Dondreius\AppData\Roaming\Bioshock2
[2013/01/08 12:30:31 | 000,000,000 | ---D | M] -- C:\Users\Dondreius\AppData\Roaming\Carbon
[2011/06/20 08:35:46 | 000,000,000 | ---D | M] -- C:\Users\Dondreius\AppData\Roaming\Cyphers
[2011/06/16 23:21:42 | 000,000,000 | ---D | M] -- C:\Users\Dondreius\AppData\Roaming\CyphersLauncher
[2012/12/24 19:45:20 | 000,000,000 | ---D | M] -- C:\Users\Dondreius\AppData\Roaming\Downloaded Installations
[2013/03/15 08:35:36 | 000,000,000 | ---D | M] -- C:\Users\Dondreius\AppData\Roaming\Dropbox
[2012/08/02 09:27:46 | 000,000,000 | ---D | M] -- C:\Users\Dondreius\AppData\Roaming\FFsplit
[2011/11/27 20:33:45 | 000,000,000 | ---D | M] -- C:\Users\Dondreius\AppData\Roaming\GroovesharkDesktop.7F9BF17D6D9CB2159C78A6A6AB076EA0B1E0497C.1
[2012/10/21 15:04:30 | 000,000,000 | ---D | M] -- C:\Users\Dondreius\AppData\Roaming\GrooveWalrus
[2013/02/28 20:03:09 | 000,000,000 | ---D | M] -- C:\Users\Dondreius\AppData\Roaming\Hive Cluster
[2011/11/14 10:18:01 | 000,000,000 | ---D | M] -- C:\Users\Dondreius\AppData\Roaming\ijjigame
[2013/03/09 03:57:12 | 000,000,000 | ---D | M] -- C:\Users\Dondreius\AppData\Roaming\Kalypso Media
[2011/05/21 22:51:11 | 000,000,000 | ---D | M] -- C:\Users\Dondreius\AppData\Roaming\Leadertech
[2011/05/16 13:30:07 | 000,000,000 | ---D | M] -- C:\Users\Dondreius\AppData\Roaming\LolClient
[2012/05/14 22:16:03 | 000,000,000 | ---D | M] -- C:\Users\Dondreius\AppData\Roaming\LolClient2
[2012/01/30 10:30:54 | 000,000,000 | ---D | M] -- C:\Users\Dondreius\AppData\Roaming\MMOUI
[2011/12/15 10:52:14 | 000,000,000 | ---D | M] -- C:\Users\Dondreius\AppData\Roaming\Mumble
[2013/01/04 14:11:34 | 000,000,000 | ---D | M] -- C:\Users\Dondreius\AppData\Roaming\OBS
[2011/08/17 22:29:59 | 000,000,000 | ---D | M] -- C:\Users\Dondreius\AppData\Roaming\ooVoo Details
[2011/12/28 22:43:10 | 000,000,000 | ---D | M] -- C:\Users\Dondreius\AppData\Roaming\Participatory Culture Foundation
[2011/05/17 12:00:35 | 000,000,000 | ---D | M] -- C:\Users\Dondreius\AppData\Roaming\PCDr
[2012/05/04 14:40:10 | 000,000,000 | ---D | M] -- C:\Users\Dondreius\AppData\Roaming\PCF-VLC
[2013/04/21 18:24:03 | 000,000,000 | ---D | M] -- C:\Users\Dondreius\AppData\Roaming\Pokémon Trading Card Game Online
[2013/01/23 14:29:34 | 000,000,000 | ---D | M] -- C:\Users\Dondreius\AppData\Roaming\raidcall
[2013/05/09 02:39:09 | 000,000,000 | ---D | M] -- C:\Users\Dondreius\AppData\Roaming\SoftGrid Client
[2011/09/27 00:03:19 | 000,000,000 | ---D | M] -- C:\Users\Dondreius\AppData\Roaming\SplitMediaLabs
[2013/01/10 10:19:04 | 000,000,000 | ---D | M] -- C:\Users\Dondreius\AppData\Roaming\SystemRequirementsLab
[2011/09/03 18:49:41 | 000,000,000 | ---D | M] -- C:\Users\Dondreius\AppData\Roaming\TP
[2013/04/06 23:24:48 | 000,000,000 | ---D | M] -- C:\Users\Dondreius\AppData\Roaming\Tropico 4
[2013/03/09 02:51:46 | 000,000,000 | ---D | M] -- C:\Users\Dondreius\AppData\Roaming\Tropico 4 Demo
[2012/12/12 15:06:18 | 000,000,000 | ---D | M] -- C:\Users\Dondreius\AppData\Roaming\TS3Client
[2013/05/27 00:16:03 | 000,000,000 | ---D | M] -- C:\Users\Dondreius\AppData\Roaming\uTorrent
[2013/04/09 14:07:26 | 000,000,000 | -HSD | M] -- C:\Users\Dondreius\AppData\Roaming\wyUpdate AU

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2007/11/07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< MD5 for: EXPLORER.EXE >
[2011/05/10 01:55:15 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2011/05/10 01:55:38 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/05/10 01:55:15 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2011/05/10 01:55:19 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2011/05/10 01:55:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2011/05/10 01:55:19 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2011/05/10 01:55:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2011/05/10 01:55:19 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2011/05/10 01:55:38 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/05/10 01:55:15 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2011/02/26 02:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2011/05/10 01:55:19 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2011/05/10 01:55:15 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe

< MD5 for: SERVICES >
[2009/06/10 17:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w…nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.CFG >
[2012/12/18 10:28:18 | 000,558,791 | ---- | M] () MD5=A9983CC532F9B3FB1E87918D2313731D -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 12:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.EXE >
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s…s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009/07/13 21:39:37 | 000,329,216 | ---- | M] (Microsoft Corporation) MD5=50BEA589F7D7958BDD2528A8F69D05CC -- C:\Windows\SysNative\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009/07/13 22:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2009/07/13 22:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s…ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOCHIADS.COM.SOL >
[2013/05/27 18:55:01 | 000,000,413 | ---- | M] () MD5=684255BE42E8B235AF9E551BBA0FC261 -- C:\Users\Dondreius\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\T6TQDXYA\mochiads.com\services.mochiads.com.sol

< MD5 for: SERVICES.MOF >
[2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s…s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2009/07/13 22:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009/07/13 22:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/07/13 22:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s…cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/07/13 22:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s…cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s…s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SERVICES.XCONFIG >
[2012/11/24 16:33:42 | 000,001,975 | ---- | M] () MD5=4D241741FC3993E3EF9142ADF2D4D995 -- C:\Program Files (x86)\64bit\services.xconfig
[2012/12/30 15:40:58 | 000,001,979 | ---- | M] () MD5=63592800A8620B56AB51826CFFEB5A44 -- C:\Program Files (x86)\OBS\64bit\services.xconfig
[2013/05/08 11:54:13 | 000,002,066 | ---- | M] () MD5=A8A9F4E4EE6AA3CF543BB71FF9FF55DE -- C:\Program Files (x86)\OBS\services.xconfig

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2011/05/10 01:55:38 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2011/05/10 01:55:38 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< dir C:\ /S /A:L /C >
Volume in drive C is OS
Volume Serial Number is 08BC-16E4
Directory of C:\
07/14/2009 01:08 AM Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\Program Files\Windows Defender
07/14/2009 01:37 AM en-US [c:\windows\system32\config]
07/13/2009 09:41 PM MpAsDesc.dll [c:\windows\system32\config]
07/13/2009 09:41 PM MpClient.dll [c:\windows\system32\config]
07/13/2009 09:39 PM MpCmdRun.exe [c:\windows\system32\config]
07/13/2009 09:41 PM MpCommu.dll [c:\windows\system32\config]
07/13/2009 09:29 PM MpEvMsg.dll [c:\windows\system32\config]
07/13/2009 09:41 PM MpOAV.dll [c:\windows\system32\config]
07/13/2009 09:41 PM MpRTP.dll [c:\windows\system32\config]
07/13/2009 09:41 PM MpSvc.dll [c:\windows\system32\config]
07/13/2009 09:39 PM MSASCui.exe [c:\windows\system32\config]
11/20/2010 09:27 AM MsMpCom.dll [c:\windows\system32\config]
07/13/2009 09:29 PM MsMpLics.dll [c:\windows\system32\config]
07/13/2009 09:41 PM MsMpRes.dll [c:\windows\system32\config]
12 File(s) 3,919,360 bytes

Directory of C:\ProgramData
07/14/2009 01:08 AM Application Data [C:\ProgramData]
07/14/2009 01:08 AM Desktop [C:\Users\Public\Desktop]
07/14/2009 01:08 AM Documents [C:\Users\Public\Documents]
07/14/2009 01:08 AM Favorites [C:\Users\Public\Favorites]
07/14/2009 01:08 AM Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 01:08 AM Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
07/14/2009 01:08 AM All Users [C:\ProgramData]
07/14/2009 01:08 AM Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
07/14/2009 01:08 AM Application Data [C:\ProgramData]
07/14/2009 01:08 AM Desktop [C:\Users\Public\Desktop]
07/14/2009 01:08 AM Documents [C:\Users\Public\Documents]
07/14/2009 01:08 AM Favorites [C:\Users\Public\Favorites]
07/14/2009 01:08 AM Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 01:08 AM Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/14/2009 01:08 AM Application Data [C:\Users\Default\AppData\Roaming]
07/14/2009 01:08 AM Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/14/2009 01:08 AM Local Settings [C:\Users\Default\AppData\Local]
07/14/2009 01:08 AM My Documents [C:\Users\Default\Documents]
07/14/2009 01:08 AM NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/14/2009 01:08 AM PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/14/2009 01:08 AM Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/14/2009 01:08 AM SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/14/2009 01:08 AM Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/14/2009 01:08 AM Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/14/2009 01:08 AM Application Data [C:\Users\Default\AppData\Local]
07/14/2009 01:08 AM History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 01:08 AM Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/14/2009 01:08 AM My Music [C:\Users\Default\Music]
07/14/2009 01:08 AM My Pictures [C:\Users\Default\Pictures]
07/14/2009 01:08 AM My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Dondreius
05/16/2011 12:57 PM Application Data [C:\Users\Dondreius\AppData\Roaming]
05/16/2011 12:57 PM Cookies [C:\Users\Dondreius\AppData\Roaming\Microsoft\Windows\Cookies]
05/16/2011 12:57 PM Local Settings [C:\Users\Dondreius\AppData\Local]
05/16/2011 12:57 PM My Documents [C:\Users\Dondreius\Documents]
05/16/2011 12:57 PM NetHood [C:\Users\Dondreius\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
05/16/2011 12:57 PM PrintHood [C:\Users\Dondreius\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
05/16/2011 12:57 PM Recent [C:\Users\Dondreius\AppData\Roaming\Microsoft\Windows\Recent]
05/16/2011 12:57 PM SendTo [C:\Users\Dondreius\AppData\Roaming\Microsoft\Windows\SendTo]
05/16/2011 12:57 PM Start Menu [C:\Users\Dondreius\AppData\Roaming\Microsoft\Windows\Start Menu]
05/16/2011 12:57 PM Templates [C:\Users\Dondreius\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes

Directory of C:\Users\Dondreius\AppData\Local
05/16/2011 12:57 PM Application Data [C:\Users\Dondreius\AppData\Local]
05/16/2011 12:57 PM History [C:\Users\Dondreius\AppData\Local\Microsoft\Windows\History]
05/16/2011 12:57 PM Temporary Internet Files [C:\Users\Dondreius\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Dondreius\Documents
05/16/2011 12:57 PM My Music [C:\Users\Dondreius\Music]
05/16/2011 12:57 PM My Pictures [C:\Users\Dondreius\Pictures]
05/16/2011 12:57 PM My Videos [C:\Users\Dondreius\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Guest
05/16/2011 06:02 PM Application Data [C:\Users\Guest\AppData\Roaming]
05/16/2011 06:02 PM Cookies [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies]
05/16/2011 06:02 PM Local Settings [C:\Users\Guest\AppData\Local]
05/16/2011 06:02 PM My Documents [C:\Users\Guest\Documents]
05/16/2011 06:02 PM NetHood [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
05/16/2011 06:02 PM PrintHood [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
05/16/2011 06:02 PM Recent [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Recent]
05/16/2011 06:02 PM SendTo [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\SendTo]
05/16/2011 06:02 PM Start Menu [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu]
05/16/2011 06:02 PM Templates [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Guest\AppData\Local
05/16/2011 06:02 PM Application Data [C:\Users\Guest\AppData\Local]
05/16/2011 06:02 PM History [C:\Users\Guest\AppData\Local\Microsoft\Windows\History]
05/16/2011 06:02 PM Temporary Internet Files [C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Guest\Documents
05/16/2011 06:02 PM My Music [C:\Users\Guest\Music]
05/16/2011 06:02 PM My Pictures [C:\Users\Guest\Pictures]
05/16/2011 06:02 PM My Videos [C:\Users\Guest\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
07/14/2009 01:08 AM My Music [C:\Users\Public\Music]
07/14/2009 01:08 AM My Pictures [C:\Users\Public\Pictures]
07/14/2009 01:08 AM My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Total Files Listed:
12 File(s) 3,919,360 bytes
67 Dir(s) 381,714,014,208 bytes free

< End of report >

OTL Extras logfile created on: 5/27/2013 10:46:34 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dondreius\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 50.02% Memory free
12.00 Gb Paging File | 8.56 Gb Available in Paging File | 71.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.66 Gb Total Space | 355.57 Gb Free Space | 38.75% Space Free | Partition Type: NTFS

Computer Name: DONDREIUS-PC | User Name: Dondreius | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" ()
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" ()
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========