brando223

Hello Here is my DDS: DDS (Ver_2012-11-05.02) - NTFS_AMD64 Internet Explorer: 9.0.8112.16450 BrowserJavaVersion: 10.7.2 Run by Brandon at 20:11:12 on 2012-11-06 . ============== Running Processes =============== . . ============== Pseudo HJT Report =============== . uStart Page = hxxp://oc-startpage.aol.com/ BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned> BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\17.9.0.12\ipsbho.dll BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_Plugin.exe -update plugin mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" mRun: [P2Go_Menu] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [iTunesHelper] "D:\iTunesHelper.exe" mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRunOnce: [Malwarebytes Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent dRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0 mPolicies-Explorer: NoDrives = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: NameServer = 192.168.0.1 TCP: Interfaces\{34AEEEB9-D965-46C9-8533-D3AF1705D6D3} : DHCPNameServer = 192.168.0.1 TCP: Interfaces\{FC602071-B493-4C3A-98A8-BAB07C14E525} : DHCPNameServer = 192.168.0.1 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe" CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\SysWow64\browseui.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - x64-Run: [RtHDVCpl] RAVCpl64.exe x64-Run: [skytel] Skytel.exe x64-Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0 x64-mPolicies-Explorer: NoDrives = dword:0 x64-mPolicies-System: EnableUIADesktopToggle = dword:0 x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned> . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\g6jhj5ri.default\ FF - prefs.js: browser.startup.homepage - google.com FF - prefs.js: network.proxy.type - 0 FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\np32asw.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll FF - plugin: C:\Program Files\Microsoft\Web Platform Installer\NPWPIDetector.dll FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll FF - plugin: C:\Users\Brandon\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll FF - plugin: D:\Mozilla Plugins\npitunes.dll FF - ExtSQL: 2012-09-10 13:08; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF - ExtSQL: !HIDDEN! 2009-06-24 03:00; {20a82645-c095-46ed-80e3-08825760534b}; C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension . ---- FIREFOX POLICIES ---- FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, true . ============= SERVICES / DRIVERS =============== . . =============== File Associations =============== . FileExt: .js: Applications\notepad.exe=C:\Windows\System32\NOTEPAD.EXE %1 [userChoice] FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %* . =============== Created Last 30 ================ . . ==================== Find3M ==================== . 2012-10-17 16:46:44 45056 ----a-w- C:\Windows\System32\acovcnt.exe 2012-10-14 18:49:01 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2012-10-14 18:48:54 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2012-10-14 18:48:54 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-10-14 18:48:54 246760 ----a-w- C:\Windows\SysWow64\javaws.exe 2012-10-14 18:48:54 174056 ----a-w- C:\Windows\SysWow64\javaw.exe 2012-10-14 18:48:54 174056 ----a-w- C:\Windows\SysWow64\java.exe 2012-10-08 21:40:17 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-10-08 21:40:17 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-09-30 00:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-09-13 13:45:46 2048 ----a-w- C:\Windows\System32\tzres.dll 2012-09-13 13:28:08 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2012-08-29 11:40:01 4699520 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-08-24 16:07:02 218624 ----a-w- C:\Windows\System32\wintrust.dll 2012-08-24 15:53:29 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll 2012-08-24 11:15:45 17810944 ----a-w- C:\Windows\System32\mshtml.dll 2012-08-24 10:39:42 10925568 ----a-w- C:\Windows\System32\ieframe.dll 2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2012-08-24 10:22:46 1346048 ----a-w- C:\Windows\System32\urlmon.dll 2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-08-24 10:18:46 237056 ----a-w- C:\Windows\System32\url.dll 2012-08-24 10:17:03 85504 ----a-w- C:\Windows\System32\jsproxy.dll 2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-08-24 10:14:34 816640 ----a-w- C:\Windows\System32\jscript.dll 2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll 2012-08-24 10:12:04 2144768 ----a-w- C:\Windows\System32\iertutil.dll 2012-08-24 10:11:57 729088 ----a-w- C:\Windows\System32\msfeeds.dll 2012-08-24 10:10:14 96768 ----a-w- C:\Windows\System32\mshtmled.dll 2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-08-24 10:04:06 248320 ----a-w- C:\Windows\System32\ieui.dll 2012-08-24 07:27:00 12319744 ----a-w- C:\Windows\SysWow64\mshtml.dll 2012-08-24 07:03:49 9738240 ----a-w- C:\Windows\SysWow64\ieframe.dll 2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-08-24 06:51:50 1103872 ----a-w- C:\Windows\SysWow64\urlmon.dll 2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-08-24 06:49:57 231936 ----a-w- C:\Windows\SysWow64\url.dll 2012-08-24 06:48:38 65024 ----a-w- C:\Windows\SysWow64\jsproxy.dll 2012-08-24 06:47:36 717824 ----a-w- C:\Windows\SysWow64\jscript.dll 2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2012-08-24 06:45:46 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll 2012-08-24 06:44:35 1793024 ----a-w- C:\Windows\SysWow64\iertutil.dll 2012-08-24 06:44:10 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll 2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-08-24 06:40:11 176640 ----a-w- C:\Windows\SysWow64\ieui.dll . ============= FINISH: 20:12:34.57 =============== Attach.txt: . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-05.02) . . ==== Disk Partitions ========================= . . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . No restore point in system. . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) 1&1 EasyLogin 3Impact 64 Bit HP CIO Components Installer Acrobat.com Activation Assistant for the 2007 Microsoft Office suites Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.0) Adobe Shockwave Player Apple Application Support Apple Mobile Device Support Apple Software Update ASUS InstantFun ASUS LifeFrame3 ASUS Live Update ASUS Power4Gear eXtreme ASUS SmartLogon ASUS Splendid Video Enhancement Technology ATK Generic Function Service ATK Hotkey ATK Media ATKOSD2 AVS Update Manager 1.0 AVS Video Converter 6 AVS4YOU Software Navigator 1.3 Counter-Strike: Global Offensive CSS Tab Designer v2.0 CyberLink LabelPrint CyberLink Power2Go DivX Setup Dolby Control Center Download Updater (AOL LLC) DVD Flick 1.3.0.7 ESET Online Scanner v3 Facebook Plug-In FileZilla Client 3.5.3 FrostWire 5.3.8 GIMP 2.8.2 HiJackThis Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB945282) Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946040) Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946308) Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946344) Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947540) Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947789) Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB948127) Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB951708) Hotfix for Microsoft Visual Basic 2010 Express - ENU (KB982218) Hotfix for Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (KB944899) HP Photosmart Prem C310 All-In-One Driver 14.0 Rel. 7 ImgBurn ITECIR iTunes Java 7 Update 7 Java Auto Updater Java SE Development Kit 7 (64-bit) jEdit 4.3.2 Kodu Game Lab LG USB Modem Drivers LightScribe System Software 1.14.17.1 Likno Web Tabs Builder 2.0.206 Malwarebytes Anti-Malware version 1.65.1.1000 Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft .NET Framework 4 Multi-Targeting Pack Microsoft Application Error Reporting Microsoft Expression Blend 3 SDK Microsoft Expression Blend 4 Microsoft Expression Blend 4 Add-in for Adobe FXG Import Microsoft Expression Blend SDK for .NET 4 Microsoft Expression Blend SDK for Silverlight 4 Microsoft Expression Blend SDK for Windows Phone 7 Microsoft Expression Design 4 Microsoft Expression Encoder 4 Microsoft Expression Encoder 4 Screen Capture Codec Microsoft Expression Studio 4 Microsoft Expression Web 4 Microsoft Expression Web 4 Service Pack 2 Microsoft Games for Windows - LIVE Redistributable Microsoft Games for Windows Marketplace Microsoft Help Viewer 1.0 Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office Office 64-bit Components 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared 64-bit MUI (English) 2007 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft Silverlight 3 SDK Microsoft Silverlight 4 SDK Microsoft Silverlight Tools for Visual Studio 2010 Microsoft SQL Server 2008 R2 (64-bit) Microsoft SQL Server 2008 R2 Management Objects Microsoft SQL Server 2008 R2 Native Client Microsoft SQL Server 2008 R2 RsFx Driver Microsoft SQL Server 2008 R2 Setup (English) Microsoft SQL Server 2008 Setup Support Files Microsoft SQL Server Browser Microsoft SQL Server Compact 3.5 SP1 Design Tools English Microsoft SQL Server Compact 3.5 SP2 ENU Microsoft SQL Server Compact 3.5 SP2 x64 ENU Microsoft SQL Server System CLR Types Microsoft SQL Server VSS Writer Microsoft VC9 runtime libraries Microsoft Visual Basic 2008 Express Edition with SP1 - ENU Microsoft Visual Basic 2010 Express - ENU Microsoft Visual C# 2010 Express - ENU Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319 Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU Service Pack 1 (KB945140) Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools Microsoft Visual Studio 2010 Express for Windows Phone - ENU Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU Microsoft Visual Studio 6.0 Professional Edition Microsoft Web Platform Installer 3.0 Microsoft Web Publishing Wizard 1.53 Microsoft Windows Phone 7 Developer Resources Microsoft Windows Phone Developer Tools - ENU Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32 Microsoft XNA Framework Redistributable 3.1 Microsoft XNA Framework Redistributable 4.0 Microsoft XNA Framework Redistributable 4.0 Refresh Microsoft XNA Game Studio 4.0 Microsoft XNA Game Studio 4.0 (ARP entry) Microsoft XNA Game Studio 4.0 (Redists) Microsoft XNA Game Studio 4.0 (Shared Components) Microsoft XNA Game Studio 4.0 (Visual Studio) Microsoft XNA Game Studio 4.0 (XnaLiveProxy) Microsoft XNA Game Studio 4.0 Documentation Microsoft XNA Game Studio 4.0 Windows Phone Extensions Microsoft XNA Game Studio Platform Tools mIRC Monopoly Mozilla Firefox 16.0.2 (x86 en-US) Mozilla Maintenance Service MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) NetBeans IDE 7.2 Network64 Norton AntiVirus Notepad++ NVIDIA Control Panel 301.42 NVIDIA Drivers NVIDIA Graphics Driver 301.42 NVIDIA HD Audio Driver 1.3.16.0 NVIDIA Install Application NVIDIA Performance NVIDIA PhysX NVIDIA PhysX System Software 9.12.0213 NVIDIA System Monitor PS_AIO_07_C310_SW_Min QuickTime RealNetworks - Microsoft Visual C++ 2008 Runtime RealPlayer Realtek 8169 8168 8101E 8102E Ethernet Driver Realtek High Definition Audio Driver RealUpgrade 1.1 RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01 RuneScape Launcher 1.2 RuneScape Launcher 1.2.2 Scan Secure Download Manager SecureW2 Enterprise Client 3.5.7 Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Extended (KB2416472) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft Expression Design 4 (KB2667730) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition Security Update for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB2251487) Security Update for Microsoft Visual Basic 2010 Express - ENU (KB2251489) Security Update for Microsoft Visual C# 2010 Express - ENU (KB2251489) SMSCaster E-Marketer GSM Standard v3.7 SQL Server 2008 R2 Common Files SQL Server 2008 R2 Database Engine Services SQL Server 2008 R2 Database Engine Shared Sql Server Customer Experience Improvement Program SSH Secure Shell Steam Synaptics Pointing Device Driver Team Fortress 2 Tiled - Tiled Map Editor Toolbox Total Video Converter 3.71 100812 Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office Access 2007 Help (KB963663) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Infopath 2007 Help (KB963662) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) USB 2.0 1.3M UVC WebCam VC80CRTRedist - 8.0.50727.6195 Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU VLC media player 1.0.1 WampServer 2.2 Windows Live ID Sign-in Assistant Windows Media Player Firefox Plugin Windows Phone 7 Add-in for Visual Studio 2010 - ENU Windows Phone Emulator x64 - ENU WindowsApplication1 WinRAR 4.01 (32-bit) WinX Video Converter 4.5.14 Wireless Console 2 WPF Toolkit February 2010 (Version 3.5.50211.1) Yahoo! Detect . ==== End Of File ===========================

Hello all. My computer was working fine for weeks, but then it seemed to gotten sluggish slow again. Maybe I am infected? I am not totally sure, but here is HiJack this log I ran Malwarebytes quick scan, found nothing. HiJack This: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 8:12:00 PM, on 11/4/2012 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16450) Boot mode: Normal Running processes: C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe D:\iTunesHelper.exe C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Users\Brandon\jagexcache\jagexlauncher\bin\JagexLauncher.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe C:\Windows\SysWOW64\DllHost.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://oc-startpage.aol.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\17.9.0.12\IPSBHO.DLL O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" O4 - HKLM\..\Run: [P2Go_Menu] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunesHelper.exe" O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent O4 - HKUS\S-1-5-21-3268160211-647110919-3188366877-1000\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User '?') O4 - HKUS\S-1-5-21-3268160211-647110919-3188366877-1000\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User '?') O4 - HKUS\S-1-5-21-3268160211-647110919-3188366877-1000\..\Run: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent (User '?') O4 - HKUS\S-1-5-18\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User '?') O4 - HKUS\.DEFAULT\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing) O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files (x86)\Norton AntiVirus\Engine\17.9.0.12\ccSvcHst.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.22\bin\httpd.exe O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 10434 bytes

Alright! Thank you. I really appreciate it!

Alrighty I uninstalled Combo and deleted OTL folder.

Im sorry, what does OTL mean?

Okay, I have done what you told me to. But I go one question. Those 8 threats that the last scan resulted in, those should now be fixed?

It seems to be fine, what shall I do now?

My computer is pretty infected, or was wasn't it? Here is Combo Fix log: ComboFix 12-10-14.03 - Brandon 10/14/2012 19:55:08.7.2 - x64 Running from: c:\users\Brandon\Desktop\ComboFix.exe Command switches used :: c:\users\Brandon\Desktop\CFScript.txt * Created a new restore point . FILE :: "c:\programdata\Microsoft\Windows\DRM\B82B.tmp.dat" "c:\users\All Users\Microsoft\Windows\DRM\B82B.tmp.dat" . . ((((((((((((((((((((((((( Files Created from 2012-09-15 to 2012-10-15 ))))))))))))))))))))))))))))))) . . 2012-10-15 00:07 . 2012-10-15 00:07 -------- d-----w- c:\users\Public\AppData\Local\temp 2012-10-15 00:07 . 2012-10-15 00:07 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-10-14 23:52 . 2012-10-14 23:53 -------- d-----w- C:\32788R22FWJFW 2012-10-14 18:49 . 2012-10-14 18:49 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-10-14 18:49 . 2012-10-14 18:48 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-10-14 18:49 . 2012-10-14 18:49 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-10-14 18:48 . 2012-10-14 18:48 -------- d-----w- c:\programdata\McAfee 2012-10-12 13:41 . 2012-10-12 13:41 -------- d-----w- c:\program files\Penn State Wireless v2 2012-10-09 19:00 . 2012-10-09 19:03 -------- d-----w- c:\users\Brandon\AppData\Roaming\mIRC 2012-10-09 19:00 . 2012-10-09 19:00 -------- d-----w- c:\program files (x86)\mIRC 2012-10-07 19:03 . 2012-10-07 19:03 133120 ----a-w- c:\programdata\Microsoft\Windows\DRM\B82B.tmp.dat 2012-10-05 20:14 . 2012-10-14 17:22 -------- d-----w- c:\users\Brandon\AppData\Roaming\SSH 2012-10-05 20:11 . 2012-10-05 20:11 -------- d-----w- c:\program files (x86)\SSH Communications Security 2012-10-01 00:59 . 2012-10-01 00:59 -------- d-----w- c:\users\Brandon\AppData\Roaming\Digiarty 2012-10-01 00:59 . 2012-10-01 00:59 -------- d-----w- c:\program files (x86)\Digiarty 2012-10-01 00:53 . 2012-10-01 00:53 -------- d-----w- c:\users\Brandon\AppData\Local\IsolatedStorage 2012-09-30 17:47 . 2012-09-30 17:47 -------- d-----w- c:\users\Brandon\RSCEmulation 2012-09-20 20:17 . 2012-09-20 20:17 -------- d-----w- c:\users\Brandon\.m2 2012-09-20 20:16 . 2012-09-20 20:16 -------- d-----w- c:\users\Brandon\AppData\Roaming\NetBeans 2012-09-20 20:16 . 2012-09-20 20:16 -------- d-----w- c:\users\Brandon\AppData\Local\NetBeans 2012-09-20 19:59 . 2012-09-20 20:02 -------- d-----w- c:\program files\NetBeans 7.2 2012-09-20 19:58 . 2012-09-20 20:04 -------- d-----w- c:\users\Brandon\.nbi 2012-09-18 03:03 . 2012-09-18 03:04 -------- d-----w- c:\program files (x86)\Web Publish 2012-09-17 20:26 . 2012-09-17 20:26 -------- d-----w- c:\users\Brandon\AppData\Local\fontconfig 2012-09-17 20:26 . 2012-09-18 22:59 -------- d-----w- c:\users\Brandon\.gimp-2.8 2012-09-17 20:26 . 2012-09-17 20:26 -------- d-----w- c:\users\Brandon\AppData\Local\gegl-0.2 2012-09-17 20:24 . 2012-09-17 20:25 -------- d-----w- c:\program files\GIMP 2 2012-09-16 20:26 . 2012-09-16 20:26 -------- d-----w- c:\users\Brandon\AppData\Roaming\.minecraft 2012-09-15 00:38 . 2012-09-15 03:35 -------- d-----w- c:\users\Brandon\AppData\Roaming\ImgBurn 2012-09-15 00:37 . 2012-09-15 00:37 -------- d-----w- c:\program files (x86)\ImgBurn . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-14 18:48 . 2010-07-28 00:42 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-10-14 15:37 . 2009-01-03 12:24 45056 ----a-w- c:\windows\system32\acovcnt.exe 2012-10-08 21:40 . 2012-07-12 02:32 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-10-08 21:40 . 2012-07-06 18:03 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-09-07 21:04 . 2011-08-08 19:48 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-08-04 00:52 . 2012-08-04 00:52 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968] "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392] "Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-31 1353080] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-19 104936] "P2Go_Menu"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216] "HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2008-01-12 98304] "ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2008-07-15 7651328] "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2008-06-25 159744] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2009-11-11 417792] "TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2011-04-01 273544] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280] "iTunesHelper"="D:\iTunesHelper.exe" [2012-06-07 421776] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer5"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804] IME File REG_SZ IMSC12.IME . R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-08 250808] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] . . HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs Themes . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2008-06-09 17:14 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . Contents of the 'Scheduled Tasks' folder . 2012-10-14 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 21:40] . 2012-10-14 c:\windows\Tasks\ReclaimerUpdateFiles_Brandon.job - c:\users\Brandon\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-29 19:22] . 2012-10-14 c:\windows\Tasks\ReclaimerUpdateXML_Brandon.job - c:\users\Brandon\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-29 19:22] . 2012-10-14 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Brandon.job - c:\users\Brandon\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-29 19:22] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RAVCpl64.exe" [2008-07-03 6342688] "Skytel"="Skytel.exe" [2007-11-20 1826816] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1216808] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://oc-startpage.aol.com/ mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.0.1 CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll FF - ProfilePath - c:\users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\g6jhj5ri.default\ FF - prefs.js: browser.startup.homepage - google.com FF - prefs.js: network.proxy.type - 0 FF - ExtSQL: 2012-09-10 13:08; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; c:\program files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF - ExtSQL: !HIDDEN! 2009-06-24 03:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, true . - - - - ORPHANS REMOVED - - - - . AddRemove-SecureW2 Enterprise Client - c:\program files (x86)\SecureW2\Uninstall.exe . . . Completion time: 2012-10-14 20:09:55 ComboFix-quarantined-files.txt 2012-10-15 00:09 ComboFix2.txt 2012-10-14 15:47 ComboFix3.txt 2012-10-14 04:25 ComboFix4.txt 2012-08-07 15:45 ComboFix5.txt 2012-10-14 23:53 . Pre-Run: 116,703,232 bytes free Post-Run: 95,973,376 bytes free . - - End Of File - - F695F27D5EE81D80D89C88C9DD78D2AF

Ran Malwarebytes scanner. Did not pick up a thing. Then I run the ESET scanner and found threats.

It seems to be fine, but how can I be sure that I removed threats?

Here is the new log ComboFix 12-10-14.03 - Brandon 10/14/2012 11:17:58.6.2 - x64 Running from: c:\users\Brandon\Desktop\ComboFix.exe Command switches used :: c:\users\Brandon\Desktop\CFScript.txt * Created a new restore point . FILE :: "c:\programdata\Microsoft\Windows\DRM\5BCE.tmp" "c:\programdata\Microsoft\Windows\DRM\5BDE.tmp" "c:\programdata\Microsoft\Windows\DRM\F09C.tmp" "c:\programdata\Microsoft\Windows\DRM\F0DC.tmp" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\Microsoft\Windows\DRM\5BCE.tmp c:\programdata\Microsoft\Windows\DRM\5BDE.tmp c:\programdata\Microsoft\Windows\DRM\F09C.tmp c:\programdata\Microsoft\Windows\DRM\F0DC.tmp . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_nvsvc . . ((((((((((((((((((((((((( Files Created from 2012-09-14 to 2012-10-14 ))))))))))))))))))))))))))))))) . . 2012-10-14 15:28 . 2012-10-14 15:28 -------- d-----w- c:\users\Public\AppData\Local\temp 2012-10-14 15:28 . 2012-10-14 15:28 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-10-12 13:41 . 2012-10-12 13:41 -------- d-----w- c:\program files\Penn State Wireless v2 2012-10-09 19:00 . 2012-10-09 19:03 -------- d-----w- c:\users\Brandon\AppData\Roaming\mIRC 2012-10-09 19:00 . 2012-10-09 19:00 -------- d-----w- c:\program files (x86)\mIRC 2012-10-07 19:03 . 2012-10-07 19:03 133120 ----a-w- c:\programdata\Microsoft\Windows\DRM\B82B.tmp.dat 2012-10-05 20:14 . 2012-10-05 20:21 -------- d-----w- c:\users\Brandon\AppData\Roaming\SSH 2012-10-05 20:11 . 2012-10-05 20:11 -------- d-----w- c:\program files (x86)\SSH Communications Security 2012-10-01 00:59 . 2012-10-01 00:59 -------- d-----w- c:\users\Brandon\AppData\Roaming\Digiarty 2012-10-01 00:59 . 2012-10-01 00:59 -------- d-----w- c:\program files (x86)\Digiarty 2012-10-01 00:53 . 2012-10-01 00:53 -------- d-----w- c:\users\Brandon\AppData\Local\IsolatedStorage 2012-09-30 17:47 . 2012-09-30 17:47 -------- d-----w- c:\users\Brandon\RSCEmulation 2012-09-20 20:17 . 2012-09-20 20:17 -------- d-----w- c:\users\Brandon\.m2 2012-09-20 20:16 . 2012-09-20 20:16 -------- d-----w- c:\users\Brandon\AppData\Roaming\NetBeans 2012-09-20 20:16 . 2012-09-20 20:16 -------- d-----w- c:\users\Brandon\AppData\Local\NetBeans 2012-09-20 19:59 . 2012-09-20 20:02 -------- d-----w- c:\program files\NetBeans 7.2 2012-09-20 19:58 . 2012-09-20 20:04 -------- d-----w- c:\users\Brandon\.nbi 2012-09-18 03:03 . 2012-09-18 03:04 -------- d-----w- c:\program files (x86)\Web Publish 2012-09-17 20:26 . 2012-09-17 20:26 -------- d-----w- c:\users\Brandon\AppData\Local\fontconfig 2012-09-17 20:26 . 2012-09-18 22:59 -------- d-----w- c:\users\Brandon\.gimp-2.8 2012-09-17 20:26 . 2012-09-17 20:26 -------- d-----w- c:\users\Brandon\AppData\Local\gegl-0.2 2012-09-17 20:24 . 2012-09-17 20:25 -------- d-----w- c:\program files\GIMP 2 2012-09-16 20:26 . 2012-09-16 20:26 -------- d-----w- c:\users\Brandon\AppData\Roaming\.minecraft 2012-09-15 00:38 . 2012-09-15 03:35 -------- d-----w- c:\users\Brandon\AppData\Roaming\ImgBurn 2012-09-15 00:37 . 2012-09-15 00:37 -------- d-----w- c:\program files (x86)\ImgBurn . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-14 15:37 . 2009-01-03 12:24 45056 ----a-w- c:\windows\system32\acovcnt.exe 2012-10-08 21:40 . 2012-07-12 02:32 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-10-08 21:40 . 2012-07-06 18:03 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-09-07 21:04 . 2011-08-08 19:48 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-08-04 00:52 . 2012-08-04 00:52 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968] "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392] "Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-31 1353080] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-19 104936] "P2Go_Menu"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216] "HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2008-01-12 98304] "ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2008-07-15 7651328] "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2008-06-25 159744] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2009-11-11 417792] "TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2011-04-01 273544] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280] "iTunesHelper"="D:\iTunesHelper.exe" [2012-06-07 421776] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer5"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804] IME File REG_SZ IMSC12.IME . R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-08 250808] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] . . HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs Themes . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2008-06-09 17:14 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . Contents of the 'Scheduled Tasks' folder . 2012-10-14 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 21:40] . 2012-10-12 c:\windows\Tasks\ReclaimerUpdateFiles_Brandon.job - c:\users\Brandon\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-29 19:22] . 2012-10-13 c:\windows\Tasks\ReclaimerUpdateXML_Brandon.job - c:\users\Brandon\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-29 19:22] . 2012-10-14 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Brandon.job - c:\users\Brandon\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-29 19:22] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RAVCpl64.exe" [2008-07-03 6342688] "Skytel"="Skytel.exe" [2007-11-20 1826816] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1216808] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://oc-startpage.aol.com/ mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.0.1 CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll FF - ProfilePath - c:\users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\g6jhj5ri.default\ FF - prefs.js: browser.startup.homepage - google.com FF - prefs.js: network.proxy.type - 0 FF - ExtSQL: 2012-09-10 13:08; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; c:\program files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF - ExtSQL: !HIDDEN! 2009-06-24 03:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, true . - - - - ORPHANS REMOVED - - - - . AddRemove-SecureW2 Enterprise Client - c:\program files (x86)\SecureW2\Uninstall.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe c:\program files\ATKGFNEX\GFNEXSrv.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe c:\program files (x86)\Norton AntiVirus\Engine\17.9.0.12\ccSvcHst.exe c:\program files (x86)\ASUS\ATK Hotkey\Atouch64.exe c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe c:\program files (x86)\ASUS\ATK Hotkey\KBFiltr.exe c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe c:\windows\SysWOW64\DllHost.exe c:\program files (x86)\Norton AntiVirus\Engine\17.9.0.12\ccSvcHst.exe . ************************************************************************** . Completion time: 2012-10-14 11:47:01 - machine was rebooted ComboFix-quarantined-files.txt 2012-10-14 15:47 ComboFix2.txt 2012-10-14 04:25 ComboFix3.txt 2012-08-07 15:45 ComboFix4.txt 2012-08-06 12:55 ComboFix5.txt 2012-10-14 15:16 . Pre-Run: 708,722,688 bytes free Post-Run: 253,665,280 bytes free . - - End Of File - - 29C5C88B9F0ADBA7279F0D934BC89B1C

Combo Fix log: ComboFix 12-10-13.04 - Brandon 10/13/2012 23:41:49.5.2 - x64 Running from: c:\users\Brandon\Desktop\ComboFix.exe * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\DFRF9D1.tmp c:\program files (x86)\SecureW2 c:\program files (x86)\SecureW2\sw2_rsaproxy.exe c:\program files (x86)\SecureW2\sw2_tray.exe c:\program files (x86)\SecureW2\Uninstall.exe c:\users\Brandon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecureW2 c:\users\Brandon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecureW2\Uninstall.lnk c:\windows\assembly\GAC_32\Desktop.ini c:\windows\assembly\GAC_64\Desktop.ini . . ((((((((((((((((((((((((( Files Created from 2012-09-14 to 2012-10-14 ))))))))))))))))))))))))))))))) . . 2012-10-14 04:18 . 2012-10-14 04:18 -------- d-----w- c:\users\Public\AppData\Local\temp 2012-10-14 04:18 . 2012-10-14 04:18 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-10-12 21:19 . 2012-10-12 21:19 5632 ----a-w- c:\programdata\Microsoft\Windows\DRM\5BDE.tmp 2012-10-12 21:19 . 2012-10-12 21:19 5632 ----a-w- c:\programdata\Microsoft\Windows\DRM\5BCE.tmp 2012-10-12 13:41 . 2012-10-12 13:41 -------- d-----w- c:\program files\Penn State Wireless v2 2012-10-10 20:49 . 2012-10-10 20:49 5632 ----a-w- c:\programdata\Microsoft\Windows\DRM\F0DC.tmp 2012-10-10 20:49 . 2012-10-10 20:49 5632 ----a-w- c:\programdata\Microsoft\Windows\DRM\F09C.tmp 2012-10-09 19:00 . 2012-10-09 19:03 -------- d-----w- c:\users\Brandon\AppData\Roaming\mIRC 2012-10-09 19:00 . 2012-10-09 19:00 -------- d-----w- c:\program files (x86)\mIRC 2012-10-07 19:03 . 2012-10-07 19:03 133120 ----a-w- c:\programdata\Microsoft\Windows\DRM\B82B.tmp.dat 2012-10-05 20:14 . 2012-10-05 20:21 -------- d-----w- c:\users\Brandon\AppData\Roaming\SSH 2012-10-05 20:11 . 2012-10-05 20:11 -------- d-----w- c:\program files (x86)\SSH Communications Security 2012-10-01 00:59 . 2012-10-01 00:59 -------- d-----w- c:\users\Brandon\AppData\Roaming\Digiarty 2012-10-01 00:59 . 2012-10-01 00:59 -------- d-----w- c:\program files (x86)\Digiarty 2012-10-01 00:53 . 2012-10-01 00:53 -------- d-----w- c:\users\Brandon\AppData\Local\IsolatedStorage 2012-09-30 17:47 . 2012-09-30 17:47 -------- d-----w- c:\users\Brandon\RSCEmulation 2012-09-20 20:17 . 2012-09-20 20:17 -------- d-----w- c:\users\Brandon\.m2 2012-09-20 20:16 . 2012-09-20 20:16 -------- d-----w- c:\users\Brandon\AppData\Roaming\NetBeans 2012-09-20 20:16 . 2012-09-20 20:16 -------- d-----w- c:\users\Brandon\AppData\Local\NetBeans 2012-09-20 19:59 . 2012-09-20 20:02 -------- d-----w- c:\program files\NetBeans 7.2 2012-09-20 19:58 . 2012-09-20 20:04 -------- d-----w- c:\users\Brandon\.nbi 2012-09-18 03:03 . 2012-09-18 03:04 -------- d-----w- c:\program files (x86)\Web Publish 2012-09-17 20:26 . 2012-09-17 20:26 -------- d-----w- c:\users\Brandon\AppData\Local\fontconfig 2012-09-17 20:26 . 2012-09-18 22:59 -------- d-----w- c:\users\Brandon\.gimp-2.8 2012-09-17 20:26 . 2012-09-17 20:26 -------- d-----w- c:\users\Brandon\AppData\Local\gegl-0.2 2012-09-17 20:24 . 2012-09-17 20:25 -------- d-----w- c:\program files\GIMP 2 2012-09-16 20:26 . 2012-09-16 20:26 -------- d-----w- c:\users\Brandon\AppData\Roaming\.minecraft 2012-09-15 00:38 . 2012-09-15 03:35 -------- d-----w- c:\users\Brandon\AppData\Roaming\ImgBurn 2012-09-15 00:37 . 2012-09-15 00:37 -------- d-----w- c:\program files (x86)\ImgBurn . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-13 22:23 . 2009-01-03 12:24 45056 ----a-w- c:\windows\system32\acovcnt.exe 2012-10-08 21:40 . 2012-07-12 02:32 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-10-08 21:40 . 2012-07-06 18:03 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-09-07 21:04 . 2011-08-08 19:48 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-08-04 00:52 . 2012-08-04 00:52 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968] "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392] "Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-31 1353080] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-19 104936] "P2Go_Menu"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216] "HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2008-01-12 98304] "ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2008-07-15 7651328] "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2008-06-25 159744] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2009-11-11 417792] "TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2011-04-01 273544] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280] "iTunesHelper"="D:\iTunesHelper.exe" [2012-06-07 421776] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer5"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804] IME File REG_SZ IMSC12.IME . R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-08 250808] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] . . --- Other Services/Drivers In Memory --- . *Deregistered* - aswMBR . HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs Themes . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2008-06-09 17:14 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . Contents of the 'Scheduled Tasks' folder . 2012-10-13 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 21:40] . 2012-10-12 c:\windows\Tasks\ReclaimerUpdateFiles_Brandon.job - c:\users\Brandon\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-29 19:22] . 2012-10-13 c:\windows\Tasks\ReclaimerUpdateXML_Brandon.job - c:\users\Brandon\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-29 19:22] . 2012-10-13 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Brandon.job - c:\users\Brandon\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-29 19:22] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RAVCpl64.exe" [2008-07-03 6342688] "Skytel"="Skytel.exe" [2007-11-20 1826816] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1216808] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://oc-startpage.aol.com/ mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.0.1 CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll FF - ProfilePath - c:\users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\g6jhj5ri.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-opencandy-chromesbox-en-us&tb_uuid=20110910223317895&tb_oid=11-09-2011&tb_mrud=11-09-2011 FF - prefs.js: browser.startup.homepage - google.com FF - prefs.js: network.proxy.type - 0 FF - ExtSQL: 2012-09-10 13:08; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; c:\program files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF - ExtSQL: !HIDDEN! 2009-06-24 03:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, true . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKLM-Run-SecureW2 Tray - c:\program files (x86)\SecureW2\sw2_tray.exe AddRemove-SecureW2 Enterprise Client - c:\program files (x86)\SecureW2\Uninstall.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\NAV] "ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\17.9.0.12\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\17.9.0.12\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}] @Denied: (A 2) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0] @="Shockwave Flash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] @Denied: (A 2) (Everyone) @="" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0] @="FlashBroker" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Completion time: 2012-10-14 00:25:43 ComboFix-quarantined-files.txt 2012-10-14 04:25 ComboFix2.txt 2012-08-07 15:45 ComboFix3.txt 2012-08-06 12:55 ComboFix4.txt 2011-08-18 04:38 ComboFix5.txt 2012-10-14 03:40 . Pre-Run: 598,413,312 bytes free Post-Run: 586,211,328 bytes free . - - End Of File - - 236174EEE43AFA34008EDE0A4EC25237

answmbr log: aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software Run date: 2012-10-13 18:49:23 ----------------------------- 18:49:23.469 OS Version: Windows x64 6.0.6002 Service Pack 2 18:49:23.470 Number of processors: 2 586 0xF0D 18:49:23.470 ComputerName: BRANDON-PC UserName: Brandon 18:49:24.297 Initialize success 18:49:33.149 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 18:49:33.151 Disk 0 Vendor: ST925082 3.AA Size: 238475MB BusType: 3 18:49:33.162 Disk 0 MBR read successfully 18:49:33.164 Disk 0 MBR scan 18:49:33.167 Disk 0 unknown MBR code 18:49:33.169 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 10997 MB offset 63 18:49:33.188 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 119232 MB offset 22523130 18:49:33.191 Disk 0 Partition - 00 0F Extended LBA 108244 MB offset 266711280 18:49:33.215 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 108244 MB offset 266711324 18:49:33.242 Disk 0 scanning C:\Windows\system32\drivers 18:49:42.920 Service scanning 18:50:04.807 Modules scanning 18:50:04.814 Disk 0 trace - called modules: 18:50:04.862 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys iaStor.sys hal.dll 18:50:05.196 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004d35790] 18:50:05.200 3 CLASSPNP.SYS[fffffa60011cfc33] -> nt!IofCallDriver -> [0xfffffa8005779790] 18:50:05.206 5 acpi.sys[fffffa60008f8fde] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004bd7050] 18:50:05.211 Scan finished successfully 18:54:55.568 Disk 0 MBR has been saved successfully to "C:\Users\Brandon\Desktop\MBR.dat" 18:54:55.573 The log file has been saved successfully to "C:\Users\Brandon\Desktop\aswMBR.txt"

Hi Jeff! I can not seem to find the Malwarebytes log when I removed threats but I did a re scan and everything checked out fine. Here is the DDS log: DDS (Ver_2012-10-14.04) - NTFS_AMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31 Run by Brandon at 18:44:47 on 2012-10-13 . ============== Running Processes =============== . . ============== Pseudo HJT Report =============== . uStart Page = hxxp://oc-startpage.aol.com/ BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned> BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\17.9.0.12\ipsbho.dll BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" mRun: [P2Go_Menu] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [iTunesHelper] "D:\iTunesHelper.exe" mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW mRun: [secureW2 Tray] "C:\Program Files (x86)\SecureW2\sw2_tray.exe" dRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0 mPolicies-Explorer: NoDrives = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: NameServer = 192.168.0.1 TCP: Interfaces\{34AEEEB9-D965-46C9-8533-D3AF1705D6D3} : DHCPNameServer = 192.168.0.1 TCP: Interfaces\{FC602071-B493-4C3A-98A8-BAB07C14E525} : DHCPNameServer = 192.168.0.1 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe" CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\SysWow64\browseui.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll x64-Run: [RtHDVCpl] RAVCpl64.exe x64-Run: [skytel] Skytel.exe x64-Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0 x64-mPolicies-Explorer: NoDrives = dword:0 x64-mPolicies-System: EnableUIADesktopToggle = dword:0 x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab x64-DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned> . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\g6jhj5ri.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-opencandy-chromesbox-en-us&tb_uuid=20110910223317895&tb_oid=11-09-2011&tb_mrud=11-09-2011 FF - prefs.js: browser.startup.homepage - google.com FF - prefs.js: network.proxy.type - 0 FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\np32asw.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll FF - plugin: C:\Program Files\Microsoft\Web Platform Installer\NPWPIDetector.dll FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll FF - plugin: C:\Users\Brandon\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll FF - plugin: D:\Mozilla Plugins\npitunes.dll FF - ExtSQL: 2012-09-10 13:08; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 . ---- FIREFOX POLICIES ---- FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, true . ============= SERVICES / DRIVERS =============== . . =============== File Associations =============== . FileExt: .js: Applications\notepad.exe=C:\Windows\System32\NOTEPAD.EXE %1 [userChoice] FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %* . =============== Created Last 30 ================ . . ==================== Find3M ==================== . 2012-10-13 22:23:36 45056 ----a-w- C:\Windows\System32\acovcnt.exe 2012-10-08 21:40:17 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-10-08 21:40:17 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-09-30 20:35:21 0 ----a-w- C:\DFRF9D1.tmp 2012-09-07 21:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-08-04 00:52:58 27256 ----a-w- C:\Windows\System32\drivers\FixZeroAccess.sys . ============= FINISH: 18:45:37.05 =============== Attach.text: . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-10-14.04) . . ==== Disk Partitions ========================= . . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . No restore point in system. . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) 1&1 EasyLogin 3Impact 64 Bit HP CIO Components Installer Acrobat.com Activation Assistant for the 2007 Microsoft Office suites Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.0) Adobe Shockwave Player Apple Application Support Apple Mobile Device Support Apple Software Update ASUS InstantFun ASUS LifeFrame3 ASUS Live Update ASUS Power4Gear eXtreme ASUS SmartLogon ASUS Splendid Video Enhancement Technology ATK Generic Function Service ATK Hotkey ATK Media ATKOSD2 AVS Update Manager 1.0 AVS Video Converter 6 AVS4YOU Software Navigator 1.3 Counter-Strike: Global Offensive CSS Tab Designer v2.0 CyberLink LabelPrint CyberLink Power2Go DivX Setup Dolby Control Center Download Updater (AOL LLC) DVD Flick 1.3.0.7 ESET Online Scanner v3 Facebook Plug-In FileZilla Client 3.5.3 FrostWire 5.3.8 GIMP 2.8.2 HiJackThis Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB945282) Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946040) Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946308) Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946344) Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947540) Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947789) Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB948127) Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB951708) Hotfix for Microsoft Visual Basic 2010 Express - ENU (KB982218) Hotfix for Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (KB944899) HP Photosmart Prem C310 All-In-One Driver 14.0 Rel. 7 ImgBurn ITECIR iTunes Java Auto Updater Java 6 Update 31 Java 7 (64-bit) Java SE Development Kit 7 (64-bit) jEdit 4.3.2 Kodu Game Lab LG USB Modem Drivers LightScribe System Software 1.14.17.1 Likno Web Tabs Builder 2.0.206 Malwarebytes Anti-Malware version 1.65.0.1400 Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft .NET Framework 4 Multi-Targeting Pack Microsoft Application Error Reporting Microsoft Expression Blend 3 SDK Microsoft Expression Blend 4 Microsoft Expression Blend 4 Add-in for Adobe FXG Import Microsoft Expression Blend SDK for .NET 4 Microsoft Expression Blend SDK for Silverlight 4 Microsoft Expression Blend SDK for Windows Phone 7 Microsoft Expression Design 4 Microsoft Expression Encoder 4 Microsoft Expression Encoder 4 Screen Capture Codec Microsoft Expression Studio 4 Microsoft Expression Web 4 Microsoft Games for Windows - LIVE Redistributable Microsoft Games for Windows Marketplace Microsoft Help Viewer 1.0 Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office Office 64-bit Components 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared 64-bit MUI (English) 2007 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft Silverlight 3 SDK Microsoft Silverlight 4 SDK Microsoft Silverlight Tools for Visual Studio 2010 Microsoft SQL Server 2008 R2 (64-bit) Microsoft SQL Server 2008 R2 Management Objects Microsoft SQL Server 2008 R2 Native Client Microsoft SQL Server 2008 R2 RsFx Driver Microsoft SQL Server 2008 R2 Setup (English) Microsoft SQL Server 2008 Setup Support Files Microsoft SQL Server Browser Microsoft SQL Server Compact 3.5 SP1 Design Tools English Microsoft SQL Server Compact 3.5 SP2 ENU Microsoft SQL Server Compact 3.5 SP2 x64 ENU Microsoft SQL Server System CLR Types Microsoft SQL Server VSS Writer Microsoft VC9 runtime libraries Microsoft Visual Basic 2008 Express Edition with SP1 - ENU Microsoft Visual Basic 2010 Express - ENU Microsoft Visual C# 2010 Express - ENU Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319 Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU Service Pack 1 (KB945140) Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools Microsoft Visual Studio 2010 Express for Windows Phone - ENU Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU Microsoft Visual Studio 6.0 Professional Edition Microsoft Web Platform Installer 3.0 Microsoft Web Publishing Wizard 1.53 Microsoft Windows Phone 7 Developer Resources Microsoft Windows Phone Developer Tools - ENU Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32 Microsoft XNA Framework Redistributable 3.1 Microsoft XNA Framework Redistributable 4.0 Microsoft XNA Framework Redistributable 4.0 Refresh Microsoft XNA Game Studio 4.0 Microsoft XNA Game Studio 4.0 (ARP entry) Microsoft XNA Game Studio 4.0 (Redists) Microsoft XNA Game Studio 4.0 (Shared Components) Microsoft XNA Game Studio 4.0 (Visual Studio) Microsoft XNA Game Studio 4.0 (XnaLiveProxy) Microsoft XNA Game Studio 4.0 Documentation Microsoft XNA Game Studio 4.0 Windows Phone Extensions Microsoft XNA Game Studio Platform Tools mIRC Monopoly Mozilla Firefox 15.0.1 (x86 en-US) Mozilla Maintenance Service NetBeans IDE 7.2 Network64 Norton AntiVirus Notepad++ NVIDIA Control Panel 301.42 NVIDIA Drivers NVIDIA Graphics Driver 301.42 NVIDIA HD Audio Driver 1.3.16.0 NVIDIA Install Application NVIDIA Performance NVIDIA PhysX NVIDIA PhysX System Software 9.12.0213 NVIDIA System Monitor PS_AIO_07_C310_SW_Min QuickTime RealNetworks - Microsoft Visual C++ 2008 Runtime RealPlayer Realtek 8169 8168 8101E 8102E Ethernet Driver Realtek High Definition Audio Driver RealUpgrade 1.1 RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01 RuneScape Launcher 1.2 RuneScape Launcher 1.2.2 Scan Secure Download Manager SecureW2 Enterprise Client 3.5.7 Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Extended (KB2416472) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition Security Update for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB2251487) Security Update for Microsoft Visual Basic 2010 Express - ENU (KB2251489) Security Update for Microsoft Visual C# 2010 Express - ENU (KB2251489) SMSCaster E-Marketer GSM Standard v3.7 SQL Server 2008 R2 Common Files SQL Server 2008 R2 Database Engine Services SQL Server 2008 R2 Database Engine Shared Sql Server Customer Experience Improvement Program SSH Secure Shell Steam Synaptics Pointing Device Driver Team Fortress 2 Tiled - Tiled Map Editor Toolbox Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office Access 2007 Help (KB963663) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Infopath 2007 Help (KB963662) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) USB 2.0 1.3M UVC WebCam VC80CRTRedist - 8.0.50727.6195 Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU VLC media player 1.0.1 WampServer 2.2 Windows Live ID Sign-in Assistant Windows Media Player Firefox Plugin Windows Phone 7 Add-in for Visual Studio 2010 - ENU Windows Phone Emulator x64 - ENU WindowsApplication1 WinRAR 4.01 (32-bit) WinX Video Converter 4.5.14 Wireless Console 2 WPF Toolkit February 2010 (Version 3.5.50211.1) Yahoo! Detect . ==== End Of File ===========================

Also the Malwarebytes log: Malwarebytes Anti-Malware 1.65.0.1400 www.malwarebytes.org Database version: v2012.10.13.09 Windows Vista Service Pack 2 x64 NTFS (Safe Mode/Networking) Internet Explorer 9.0.8112.16421 Brandon :: BRANDON-PC [administrator] 10/13/2012 4:44:44 PM mbam-log-2012-10-13 (16-45-45).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 205161 Time elapsed: 47 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run| (Trojan.Ransom) -> Data: C:\Users\Brandon\AppData\Local\Temp\irb700.exe -> No action taken. Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 6 C:\Users\Brandon\AppData\Local\Temp\irb700.exe (Trojan.Ransom) -> No action taken. C:\Users\Brandon\AppData\Local\Temp\247B.tmp (Trojan.Agent.MRGGen) -> No action taken. C:\Users\Brandon\AppData\Local\Temp\5C4C.tmp (Trojan.Agent.MRGGen) -> No action taken. C:\Users\Brandon\AppData\Local\Temp\6E83.tmp (Rootkit.0Access) -> No action taken. C:\Users\Brandon\AppData\Local\Temp\A4EF.tmp (Trojan.Agent.MRGGen) -> No action taken. C:\Users\Brandon\AppData\Local\Temp\F1A7.tmp (Trojan.Agent.MRGGen) -> No action taken. (end)

Hello. I was recently browsing the internet, and I got a warning on my computer is siezed my computer and said it is the FBI and I got to pay $200 or my computer will stay locked. I am currently running my computer in safe mode. I scanned with Malwarebytes and it came up with 7 threats all virus/trojans. I know this is a bad case of malware/virus. Thanks for the help. Here is my Hijack This log: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 4:23:01 PM, on 10/13/2012 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16447) Boot mode: Safe mode with network support Running processes: C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://oc-startpage.aol.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\17.9.0.12\IPSBHO.DLL O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" O4 - HKLM\..\Run: [P2Go_Menu] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunesHelper.exe" O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKLM\..\Run: [secureW2 Tray] "C:\Program Files (x86)\SecureW2\sw2_tray.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent O4 - HKCU\..\Run: [] C:\Users\Brandon\AppData\Local\Temp\irb700.exe O4 - HKUS\S-1-5-18\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing) O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files (x86)\Norton AntiVirus\Engine\17.9.0.12\ccSvcHst.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.22\bin\httpd.exe O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 9803 bytes

They seem to be okay, but how can I be sure that everything is good?

This is all it has in it: ESETSmartInstaller@High as CAB hook log: OnlineScanner64.ocx - registred OK OnlineScanner.ocx - registred OK

Here is that log: ComboFix 12-08-05.02 - Brandon 08/07/2012 11:17:48.4.2 - x64 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.2627 [GMT -4:00] Running from: c:\users\Brandon\Desktop\ComboFix.exe Command switches used :: c:\users\Brandon\Desktop\CFScript.txt AV: Norton AntiVirus *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Norton AntiVirus *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . . --------------- FCopy --------------- . c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe --> c:\windows\System32\services.exe . ((((((((((((((((((((((((( Files Created from 2012-07-07 to 2012-08-07 ))))))))))))))))))))))))))))))) . . 2012-08-07 15:30 . 2012-08-07 15:30 -------- d-----w- c:\users\Public\AppData\Local\temp 2012-08-07 15:30 . 2012-08-07 15:30 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-08-06 01:51 . 2012-08-06 01:51 -------- d-----w- C:\_OTL 2012-08-04 01:42 . 2012-08-04 01:42 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-08-04 00:52 . 2012-08-04 00:52 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys 2012-08-03 22:16 . 2012-08-04 01:19 -------- d-----w- c:\users\Brandon\AppData\Local\NPE 2012-08-03 20:13 . 2012-08-03 20:13 -------- d-sh--w- c:\windows\SysWow64\%APPDATA% 2012-07-13 19:23 . 2012-07-13 19:23 -------- dc----w- c:\windows\system32\DRVSTORE 2012-07-13 19:23 . 2009-05-18 17:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2012-07-13 19:23 . 2008-04-17 16:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll 2012-07-13 19:23 . 2008-04-17 16:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll 2012-07-13 19:21 . 2012-07-13 19:21 -------- d-----w- c:\program files\iPod 2012-07-13 19:21 . 2012-07-13 19:22 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001} 2012-07-13 19:21 . 2012-07-13 19:22 -------- d-----w- c:\program files\iTunes 2012-07-13 19:19 . 2012-07-13 19:19 -------- d-----w- c:\program files (x86)\Apple Software Update 2012-07-13 19:15 . 2012-07-13 19:15 -------- d-----w- c:\program files\Common Files\Apple 2012-07-13 19:14 . 2012-07-13 19:14 -------- d-----w- c:\program files\Bonjour 2012-07-13 19:14 . 2012-07-13 19:14 -------- d-----w- c:\program files (x86)\Bonjour 2012-07-12 02:32 . 2012-08-03 20:40 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-07-11 07:03 . 2012-06-13 13:58 2769408 ----a-w- c:\windows\system32\win32k.sys 2012-07-11 04:19 . 2012-07-11 04:19 -------- d-----w- c:\users\Brandon\AppData\Roaming\YourFileDownloader 2012-07-11 01:54 . 2012-06-05 16:47 708608 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll 2012-07-11 01:54 . 2012-06-05 16:22 974848 ----a-w- c:\program files\Common Files\System\ado\msado15.dll 2012-07-11 01:54 . 2012-06-05 16:22 1797120 ----a-w- c:\windows\system32\msxml6.dll 2012-07-11 01:54 . 2012-06-05 16:22 1869824 ----a-w- c:\windows\system32\msxml3.dll 2012-07-11 01:54 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\SysWow64\msxml6.dll 2012-07-11 01:54 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\SysWow64\msxml3.dll 2012-07-11 01:54 . 2012-06-04 15:29 516480 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-07-11 01:54 . 2012-06-02 00:22 347136 ----a-w- c:\windows\system32\schannel.dll 2012-07-11 01:54 . 2012-06-02 00:22 254464 ----a-w- c:\windows\system32\ncrypt.dll 2012-07-11 01:54 . 2012-06-02 00:05 77312 ----a-w- c:\windows\SysWow64\secur32.dll 2012-07-11 01:54 . 2012-06-02 00:04 278528 ----a-w- c:\windows\SysWow64\schannel.dll 2012-07-11 01:54 . 2012-06-02 00:03 204288 ----a-w- c:\windows\SysWow64\ncrypt.dll 2012-07-11 01:53 . 2012-06-08 17:59 12899840 ----a-w- c:\windows\system32\shell32.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-07 15:35 . 2009-01-03 12:24 45056 ----a-w- c:\windows\system32\acovcnt.exe 2012-08-03 20:40 . 2012-07-06 18:03 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-03 17:46 . 2011-08-08 19:48 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-02 22:19 . 2012-06-27 18:49 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-27 18:50 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:19 . 2012-06-27 18:50 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-27 18:50 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-27 18:49 35864 ----a-w- c:\windows\SysWow64\wups.dll 2012-06-02 22:19 . 2012-06-27 18:49 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:19 . 2012-06-27 18:49 577048 ----a-w- c:\windows\SysWow64\wuapi.dll 2012-06-02 22:15 . 2012-06-27 18:50 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:15 . 2012-06-27 18:49 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 22:12 . 2012-06-27 18:49 88576 ----a-w- c:\windows\SysWow64\wudriver.dll 2012-06-02 19:19 . 2012-06-27 18:49 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 19:19 . 2012-06-27 18:49 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll 2012-06-02 19:15 . 2012-06-27 18:49 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-02 19:12 . 2012-06-27 18:49 33792 ----a-w- c:\windows\SysWow64\wuapp.exe . . ((((((((((((((((((((((((((((( SnapShot_2012-08-06_12.45.38 ))))))))))))))))))))))))))))))))))))))))) . + 2008-01-21 02:23 . 2012-08-07 15:36 69912 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin + 2006-11-02 15:45 . 2012-08-07 15:36 93550 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2009-01-03 12:26 . 2012-08-07 15:36 20164 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3268160211-647110919-3188366877-1000_UserData.bin - 2009-01-03 12:23 . 2012-08-06 12:06 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-01-03 12:23 . 2012-08-06 12:56 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2012-08-06 02:05 . 2012-08-06 12:56 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2012-08-06 02:05 . 2012-08-06 12:06 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-01-03 12:23 . 2012-08-06 12:06 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-01-03 12:23 . 2012-08-06 12:56 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2012-08-07 15:32 . 2012-08-07 15:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-08-06 12:42 . 2012-08-06 12:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-08-07 15:32 . 2012-08-07 15:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2012-08-06 12:42 . 2012-08-06 12:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2009-01-03 01:47 . 2012-08-07 15:04 361316 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin - 2011-08-11 20:18 . 2012-08-06 12:41 411664 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2011-08-11 20:18 . 2012-08-07 15:30 411664 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2011-08-11 20:18 . 2012-08-07 15:07 1178458 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3268160211-647110919-3188366877-1000-8192.dat - 2011-08-11 20:18 . 2012-08-06 12:41 1178458 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3268160211-647110919-3188366877-1000-8192.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968] "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-19 104936] "P2Go_Menu"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216] "HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2008-01-12 98304] "ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2008-07-15 7651328] "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2008-06-25 159744] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2009-11-11 417792] "TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2011-04-01 273544] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280] "iTunesHelper"="D:\iTunesHelper.exe" [2012-06-07 421776] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804] IME File REG_SZ IMSC12.IME . R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] . . HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs Themes . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2008-06-09 17:14 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . Contents of the 'Scheduled Tasks' folder . 2012-08-07 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 20:40] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RAVCpl64.exe" [2008-07-03 6342688] "Skytel"="Skytel.exe" [2007-11-20 1826816] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1216808] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://oc-startpage.aol.com/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.0.1 CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll FF - ProfilePath - c:\users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\g6jhj5ri.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-opencandy-chromesbox-en-us&tb_uuid=20110910223317895&tb_oid=11-09-2011&tb_mrud=11-09-2011 FF - prefs.js: browser.startup.homepage - google.com FF - prefs.js: network.proxy.type - 0 FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, true . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NAV] "ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\17.9.0.12\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\17.9.0.12\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe c:\program files\ATKGFNEX\GFNEXSrv.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe c:\windows\SysWOW64\DllHost.exe c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe c:\program files (x86)\ASUS\ASUS Live Update\ALU.exe c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe c:\program files (x86)\ASUS\ATK Hotkey\Atouch64.exe c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe c:\program files (x86)\ASUS\ATK Hotkey\KBFiltr.exe c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe . ************************************************************************** . Completion time: 2012-08-07 11:45:02 - machine was rebooted ComboFix-quarantined-files.txt 2012-08-07 15:45 ComboFix2.txt 2012-08-06 12:55 ComboFix3.txt 2011-08-18 04:38 ComboFix4.txt 2011-08-18 04:11 . Pre-Run: 769,961,984 bytes free Post-Run: 1,867,309,056 bytes free . - - End Of File - - C4F69DF4B41BC1CC953E70E019792DC8

SystemLook 30.07.11 by jpshortstuff Log created at 12:38 on 06/08/2012 by Brandon Administrator - Elevation successful ========== filefind ========== Searching for "*services.exe*" C:\Windows\ERDNT\cache64\services.exe --a---- 384512 bytes [04:09 18/08/2011] [04:10 11/04/2009] 934E0B7D77FF78C18D9F8891221B6DE3 C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe --a---- 384512 bytes [23:32 18/08/2009] [07:10 11/04/2009] 934E0B7D77FF78C18D9F8891221B6DE3 C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe --a---- 279552 bytes [23:31 18/08/2009] [06:27 11/04/2009] D4E6D91C1349B7BFB3599A6ADA56851B C:\Windows\System32\services.exe --a---- 384512 bytes [16:02 10/08/2011] [04:10 11/04/2009] BC81150939BD52DBC7A08C245F1FB229 C:\Windows\System32\en-US\services.exe.mui --a---- 17408 bytes [15:13 02/11/2006] [15:13 02/11/2006] F514B57C09E143F1E14415A9E9ADD695 C:\Windows\SysWOW64\services.exe --a---- 279552 bytes [16:02 10/08/2011] [03:28 11/04/2009] D4E6D91C1349B7BFB3599A6ADA56851B C:\Windows\SysWOW64\en-US\services.exe.mui --a---- 17920 bytes [15:13 02/11/2006] [15:13 02/11/2006] 1626EACF0E7E59F85C59DDDD27C4169C C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_c3e5209ee1678e23\services.exe.mui --a---- 17408 bytes [15:13 02/11/2006] [15:13 02/11/2006] F514B57C09E143F1E14415A9E9ADD695 C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe --a---- 384512 bytes [02:49 21/01/2008] [02:49 21/01/2008] DFAC660F0F139276CC9299812DE42719 C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe --a---- 384512 bytes [16:02 10/08/2011] [04:10 11/04/2009] 934E0B7D77FF78C18D9F8891221B6DE3 C:\Windows\winsxs\Backup\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_c3e5209ee1678e23_services.exe.mui_86ea5e71 --a---- 17408 bytes [15:15 02/11/2006] [15:14 02/11/2006] F514B57C09E143F1E14415A9E9ADD695 C:\Windows\winsxs\Backup\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c_services.exe_abfc33da --a---- 384512 bytes [16:38 10/08/2011] [16:23 10/08/2011] 934E0B7D77FF78C18D9F8891221B6DE3 C:\Windows\winsxs\Backup\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced_services.exe.mui_86ea5e71 --a---- 17920 bytes [15:15 02/11/2006] [15:14 02/11/2006] 1626EACF0E7E59F85C59DDDD27C4169C C:\Windows\winsxs\Backup\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56_services.exe_abfc33da --a---- 279552 bytes [16:37 10/08/2011] [16:22 10/08/2011] D4E6D91C1349B7BFB3599A6ADA56851B C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced\services.exe.mui --a---- 17920 bytes [15:13 02/11/2006] [15:13 02/11/2006] 1626EACF0E7E59F85C59DDDD27C4169C C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe --a---- 279040 bytes [02:50 21/01/2008] [02:50 21/01/2008] 2B336AB6286D6C81FA02CBAB914E3C6C C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe --a---- 279552 bytes [16:02 10/08/2011] [03:28 11/04/2009] D4E6D91C1349B7BFB3599A6ADA56851B -= EOF =-

The log is attached, tried to post it is waaaaay too long. ComboFix.txt

Here is the log you asked for: All processes killed ========== OTL ========== Registry key HKEY_USERS\S-1-5-21-3268160211-647110919-3188366877-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF739809-1C6C-47C0-85B9-569DBB141420}\ not found. C:\Windows\Installer\{695283d7-3299-f0eb-65f2-3e18cdd08f4d}\U\00000008.@ moved successfully. C:\Windows\Installer\{695283d7-3299-f0eb-65f2-3e18cdd08f4d}\U\80000032.@ moved successfully. C:\Windows\Installer\{695283d7-3299-f0eb-65f2-3e18cdd08f4d}\L\00000004.@ moved successfully. C:\Windows\Installer\{695283d7-3299-f0eb-65f2-3e18cdd08f4d}\U\80000064.@ moved successfully. C:\Windows\Installer\{695283d7-3299-f0eb-65f2-3e18cdd08f4d}\U\80000000.@ moved successfully. C:\Windows\Installer\{695283d7-3299-f0eb-65f2-3e18cdd08f4d}\@ moved successfully. C:\Users\Brandon\AppData\Local\{695283d7-3299-f0eb-65f2-3e18cdd08f4d}\@ moved successfully. C:\Users\Brandon\AppData\Local\488o5v2e4050 moved successfully. C:\ProgramData\488o5v2e4050 moved successfully. C:\Users\Brandon\AppData\Local\gu5xia0g22np28wlt72rb0t5l8t4a8tira5n6fwk2fyvna moved successfully. C:\ProgramData\gu5xia0g22np28wlt72rb0t5l8t4a8tira5n6fwk2fyvna moved successfully. C:\ProgramData\48f9f634 moved successfully. C:\ProgramData\1745062479 moved successfully. C:\ProgramData\1210687843 moved successfully. C:\Users\Brandon\AppData\Roaming\FrostWire\xml\data folder moved successfully. C:\Users\Brandon\AppData\Roaming\FrostWire\xml folder moved successfully. C:\Users\Brandon\AppData\Roaming\FrostWire\themes\frostwirePro_theme folder moved successfully. C:\Users\Brandon\AppData\Roaming\FrostWire\themes folder moved successfully. C:\Users\Brandon\AppData\Roaming\FrostWire\image_cache\static.frostwire.com\images\overlays folder moved successfully. C:\Users\Brandon\AppData\Roaming\FrostWire\image_cache\static.frostwire.com\images\banners folder moved successfully. C:\Users\Brandon\AppData\Roaming\FrostWire\image_cache\static.frostwire.com\images folder moved successfully. C:\Users\Brandon\AppData\Roaming\FrostWire\image_cache\static.frostwire.com folder moved successfully. C:\Users\Brandon\AppData\Roaming\FrostWire\image_cache\farm6.static.flickr.com\5128 folder moved successfully. C:\Users\Brandon\AppData\Roaming\FrostWire\image_cache\farm6.static.flickr.com\5047 folder moved successfully. C:\Users\Brandon\AppData\Roaming\FrostWire\image_cache\farm6.static.flickr.com folder moved successfully. C:\Users\Brandon\AppData\Roaming\FrostWire\image_cache\farm5.static.flickr.com\4147 folder moved successfully. C:\Users\Brandon\AppData\Roaming\FrostWire\image_cache\farm5.static.flickr.com\4089 folder moved successfully. C:\Users\Brandon\AppData\Roaming\FrostWire\image_cache\farm5.static.flickr.com\4084 folder moved successfully. C:\Users\Brandon\AppData\Roaming\FrostWire\image_cache\farm5.static.flickr.com\4055 folder moved successfully. C:\Users\Brandon\AppData\Roaming\FrostWire\image_cache\farm5.static.flickr.com\4047 folder moved successfully. C:\Users\Brandon\AppData\Roaming\FrostWire\image_cache\farm5.static.flickr.com\4028 folder moved successfully. C:\Users\Brandon\AppData\Roaming\FrostWire\image_cache\farm5.static.flickr.com folder moved successfully. C:\Users\Brandon\AppData\Roaming\FrostWire\image_cache\farm2.static.flickr.com\1218 folder moved successfully. C:\Users\Brandon\AppData\Roaming\FrostWire\image_cache\farm2.static.flickr.com\1207 folder moved successfully. C:\Users\Brandon\AppData\Roaming\FrostWire\image_cache\farm2.static.flickr.com folder moved successfully. C:\Users\Brandon\AppData\Roaming\FrostWire\image_cache folder moved successfully. C:\Users\Brandon\AppData\Roaming\FrostWire\azureus\torrents folder moved successfully. C:\Users\Brandon\AppData\Roaming\FrostWire\azureus\tmp folder moved successfully. C:\Users\Brandon\AppData\Roaming\FrostWire\azureus\plugins folder moved successfully. C:\Users\Brandon\AppData\Roaming\FrostWire\azureus\net folder moved successfully. C:\Users\Brandon\AppData\Roaming\FrostWire\azureus\logs\save folder moved successfully. C:\Users\Brandon\AppData\Roaming\FrostWire\azureus\logs folder moved successfully. C:\Users\Brandon\AppData\Roaming\FrostWire\azureus\dht folder moved successfully. C:\Users\Brandon\AppData\Roaming\FrostWire\azureus\active folder moved successfully. C:\Users\Brandon\AppData\Roaming\FrostWire\azureus folder moved successfully. C:\Users\Brandon\AppData\Roaming\FrostWire\.NetworkShare\Incomplete folder moved successfully. C:\Users\Brandon\AppData\Roaming\FrostWire\.NetworkShare folder moved successfully. C:\Users\Brandon\AppData\Roaming\FrostWire\.AppSpecialShare folder moved successfully. C:\Users\Brandon\AppData\Roaming\FrostWire folder moved successfully. C:\Users\Brandon\AppData\Roaming\LimeWire\xml\data folder moved successfully. C:\Users\Brandon\AppData\Roaming\LimeWire\xml folder moved successfully. C:\Users\Brandon\AppData\Roaming\LimeWire\promotion folder moved successfully. C:\Users\Brandon\AppData\Roaming\LimeWire\mozilla-profile\updates\0 folder moved successfully. C:\Users\Brandon\AppData\Roaming\LimeWire\mozilla-profile\updates folder moved successfully. C:\Users\Brandon\AppData\Roaming\LimeWire\mozilla-profile\OfflineCache folder moved successfully. C:\Users\Brandon\AppData\Roaming\LimeWire\mozilla-profile\extensions folder moved successfully. C:\Users\Brandon\AppData\Roaming\LimeWire\mozilla-profile\Cache folder moved successfully. C:\Users\Brandon\AppData\Roaming\LimeWire\mozilla-profile folder moved successfully. C:\Users\Brandon\AppData\Roaming\LimeWire\certificate folder moved successfully. C:\Users\Brandon\AppData\Roaming\LimeWire\browser\xulrunner\res\html folder moved successfully. C:\Users\Brandon\AppData\Roaming\LimeWire\browser\xulrunner\res\fonts folder moved successfully. C:\Users\Brandon\AppData\Roaming\LimeWire\browser\xulrunner\res\entityTables folder moved successfully. C:\Users\Brandon\AppData\Roaming\LimeWire\browser\xulrunner\res\dtd folder moved successfully. C:\Users\Brandon\AppData\Roaming\LimeWire\browser\xulrunner\res folder moved successfully. C:\Users\Brandon\AppData\Roaming\LimeWire\browser\xulrunner\plugins folder moved successfully. C:\Users\Brandon\AppData\Roaming\LimeWire\browser\xulrunner\modules folder moved successfully. C:\Users\Brandon\AppData\Roaming\LimeWire\browser\xulrunner\greprefs folder moved successfully. C:\Users\Brandon\AppData\Roaming\LimeWire\browser\xulrunner\dictionaries folder moved successfully. C:\Users\Brandon\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile\US\chrome folder moved successfully. C:\Users\Brandon\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile\US folder moved successfully. C:\Users\Brandon\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile\chrome folder moved successfully. C:\Users\Brandon\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile folder moved successfully. C:\Users\Brandon\AppData\Roaming\LimeWire\browser\xulrunner\defaults\pref folder moved successfully. C:\Users\Brandon\AppData\Roaming\LimeWire\browser\xulrunner\defaults\autoconfig folder moved successfully. C:\Users\Brandon\AppData\Roaming\LimeWire\browser\xulrunner\defaults folder moved successfully. C:\Users\Brandon\AppData\Roaming\LimeWire\browser\xulrunner\components folder moved successfully. C:\Users\Brandon\AppData\Roaming\LimeWire\browser\xulrunner\chrome folder moved successfully. C:\Users\Brandon\AppData\Roaming\LimeWire\browser\xulrunner folder moved successfully. C:\Users\Brandon\AppData\Roaming\LimeWire\browser folder moved successfully. C:\Users\Brandon\AppData\Roaming\LimeWire\.AppSpecialShare folder moved successfully. C:\Users\Brandon\AppData\Roaming\LimeWire folder moved successfully. ========== FILES ========== C:\Windows\Installer\{695283d7-3299-f0eb-65f2-3e18cdd08f4d}\U folder moved successfully. C:\Windows\Installer\{695283d7-3299-f0eb-65f2-3e18cdd08f4d}\L folder moved successfully. Folder move failed. C:\Windows\Installer\{695283d7-3299-f0eb-65f2-3e18cdd08f4d} scheduled to be moved on reboot. C:\Users\Brandon\AppData\Local\{695283d7-3299-f0eb-65f2-3e18cdd08f4d}\U folder moved successfully. C:\Users\Brandon\AppData\Local\{695283d7-3299-f0eb-65f2-3e18cdd08f4d}\L folder moved successfully. C:\Users\Brandon\AppData\Local\{695283d7-3299-f0eb-65f2-3e18cdd08f4d} folder moved successfully. < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. c:\Users\Brandon\Downloads\cmd.bat deleted successfully. c:\Users\Brandon\Downloads\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Brandon ->Temp folder emptied: 73306039 bytes ->Temporary Internet Files folder emptied: 69812891 bytes ->Java cache emptied: 94258925 bytes ->FireFox cache emptied: 194735526 bytes ->Flash cache emptied: 538484 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 56502 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 378861557 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 35782663 bytes RecycleBin emptied: 107156 bytes Total Files Cleaned = 808.00 mb Restore point Set: OTL Restore Point OTL by OldTimer - Version 3.2.56.0 log created on 08052012_215159

We will just continue with the cleaning, thank you though! OTL log: OTL logfile created on: 8/5/2012 11:19:23 AM - Run 1 OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Brandon\Downloads 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 4.00 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 43.01% Memory free 8.17 Gb Paging File | 5.89 Gb Available in Paging File | 72.03% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 116.44 Gb Total Space | 1.29 Gb Free Space | 1.11% Space Free | Partition Type: NTFS Drive D: | 105.71 Gb Total Space | 89.95 Gb Free Space | 85.10% Space Free | Partition Type: NTFS Computer Name: BRANDON-PC | User Name: Brandon | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/08/05 11:17:05 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Brandon\Downloads\OTL.exe PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012/06/07 19:33:22 | 000,421,776 | ---- | M] (Apple Inc.) -- D:\iTunesHelper.exe PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011/03/31 20:37:11 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe PRC - [2009/04/10 23:27:30 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe PRC - [2008/07/18 22:52:16 | 000,104,936 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe PRC - [2008/07/15 14:29:00 | 007,651,328 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe PRC - [2008/07/15 14:22:46 | 000,217,088 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe PRC - [2008/06/24 22:01:08 | 000,159,744 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe PRC - [2008/06/23 23:16:24 | 002,482,176 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe PRC - [2008/06/18 01:10:24 | 000,297,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe PRC - [2008/01/23 13:51:28 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe PRC - [2007/11/30 14:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe PRC - [2007/11/28 18:26:00 | 000,294,912 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe PRC - [2007/10/03 00:53:00 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe PRC - [2007/08/15 14:20:16 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe PRC - [2007/08/08 03:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ========== Modules (No Company Name) ========== MOD - [2012/05/30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012/05/30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2009/04/10 23:28:24 | 000,223,232 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.dll MOD - [2009/04/10 23:28:24 | 000,223,232 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll MOD - [2008/07/18 22:52:08 | 000,649,704 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll MOD - [2008/06/09 12:55:08 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll MOD - [2007/11/30 14:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe MOD - [2007/08/14 16:59:54 | 006,365,184 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll MOD - [2007/07/12 16:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll MOD - [2007/07/12 16:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2008/07/29 14:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90) SRV:64bit: - [2007/08/08 03:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2012/08/03 16:40:19 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/07/19 01:27:08 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011/08/06 00:14:22 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011/08/04 00:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Norton AntiVirus\Engine\17.9.0.12\ccSvcHst.exe -- (NAV) SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/03/29 21:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007/10/03 00:53:00 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012/04/25 12:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012/02/29 09:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/08/21 22:53:36 | 000,451,704 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NAVx64\1109000.00C\SYMTDIV.SYS -- (SYMTDIv) DRV:64bit: - [2011/08/21 22:53:35 | 000,221,304 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1109000.00C\SYMEFA64.SYS -- (SymEFA) DRV:64bit: - [2011/08/04 00:19:26 | 000,593,544 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1109000.00C\ccHPx64.sys -- (ccHP) DRV:64bit: - [2010/09/08 15:42:16 | 000,295,272 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\vmm.sys -- (vmm) DRV:64bit: - [2010/07/01 14:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc) DRV:64bit: - [2010/05/05 22:18:44 | 000,173,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:64bit: - [2010/04/29 01:03:51 | 000,150,064 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1109000.00C\Ironx64.SYS -- (SymIRON) DRV:64bit: - [2010/04/21 22:29:51 | 000,505,392 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\NAVx64\1109000.00C\SRTSP64.SYS -- (SRTSP) DRV:64bit: - [2010/04/21 22:29:51 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1109000.00C\SRTSPX64.SYS -- (SRTSPX) DRV:64bit: - [2010/04/03 10:30:40 | 000,313,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\RsFx0150.sys -- (RsFx0150) DRV:64bit: - [2010/02/03 21:40:47 | 000,433,200 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1109000.00C\SYMDS64.SYS -- (SymDS) DRV:64bit: - [2009/11/12 00:14:28 | 000,084,584 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb) DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009/04/10 22:03:34 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus) DRV:64bit: - [2008/07/21 08:23:11 | 004,735,488 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) DRV:64bit: - [2008/07/04 07:58:16 | 000,395,288 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor) DRV:64bit: - [2008/07/03 00:57:12 | 001,813,120 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\snp2uvc.sys -- (SNP2UVC) DRV:64bit: - [2008/06/03 02:41:49 | 000,017,464 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\kbfiltr.sys -- (kbfiltr) DRV:64bit: - [2008/05/02 01:59:47 | 000,166,912 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169) DRV:64bit: - [2008/02/15 21:27:18 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk) DRV:64bit: - [2008/01/20 22:46:59 | 000,054,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:64bit: - [2007/12/18 20:57:12 | 000,059,392 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\itecir.sys -- (itecir) DRV:64bit: - [2007/12/06 06:12:55 | 000,320,048 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP) DRV:64bit: - [2007/07/27 22:45:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp) DRV:64bit: - [2007/07/26 23:33:54 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk) DRV:64bit: - [2007/07/24 14:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64) DRV:64bit: - [2007/07/23 09:23:58 | 000,029,696 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64modem.sys -- (USBModem) DRV:64bit: - [2007/07/23 09:23:58 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64diag.sys -- (UsbDiag) DRV:64bit: - [2007/07/23 09:23:56 | 000,016,896 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64bus.sys -- (usbbus) DRV:64bit: - [2006/10/27 09:01:07 | 000,013,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ATK64AMD.sys -- (MTsensor) DRV - [2012/07/14 04:38:57 | 002,068,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.6.0.32\Definitions\VirusDefs\20120713.004\ex64.sys -- (NAVEX15) DRV - [2012/07/14 04:38:57 | 000,120,440 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.6.0.32\Definitions\VirusDefs\20120713.004\eng64.sys -- (NAVENG) DRV - [2012/07/13 08:31:52 | 000,509,088 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.6.0.32\Definitions\IPSDefs\20120713.001\IDSviA64.sys -- (IDSVia64) DRV - [2012/06/28 04:00:07 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2012/06/28 04:00:07 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2012/06/19 00:03:24 | 001,161,376 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.6.0.32\Definitions\BASHDefs\20120711.002\BHDrvx64.sys -- (BHDrvx64) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {443789B7-F39C-4b5c-9287-DA72D38F4FE6} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query={searchTerms}&invocationType=tb50trie7 IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={searchTerms}&invocationType=tb50-ie-opencandy-chromesbox-en-us&tb_uuid=20110910223317895&tb_oid=10-09-2011&tb_mrud=10-09-2011 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 30 C6 5E 01 B4 75 F6 4D BD F6 A0 B9 BF 90 6C 0B [binary data] IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 30 C6 5E 01 B4 75 F6 4D BD F6 A0 B9 BF 90 6C 0B [binary data] IE - HKU\S-1-5-21-3268160211-647110919-3188366877-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://oc-startpage.aol.com/ IE - HKU\S-1-5-21-3268160211-647110919-3188366877-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-3268160211-647110919-3188366877-1000\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 30 C6 5E 01 B4 75 F6 4D BD F6 A0 B9 BF 90 6C 0B [binary data] IE - HKU\S-1-5-21-3268160211-647110919-3188366877-1000\..\SearchScopes,DefaultScope = {443789B7-F39C-4b5c-9287-DA72D38F4FE6} IE - HKU\S-1-5-21-3268160211-647110919-3188366877-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKU\S-1-5-21-3268160211-647110919-3188366877-1000\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query={searchTerms}&invocationType=tb50trie7 IE - HKU\S-1-5-21-3268160211-647110919-3188366877-1000\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={searchTerms}&invocationType=tb50-ie-opencandy-chromesbox-en-us&tb_uuid=20110910223317895&tb_oid=10-09-2011&tb_mrud=10-09-2011 IE - HKU\S-1-5-21-3268160211-647110919-3188366877-1000\..\SearchScopes\{7052B11F-3619-4704-9BFF-632351583321}: "URL" = http://mp3tubetoolbar.com/?tmp=toolbar_sb_results&prt=pinballtbfour01ie&Keywords={searchTerms}&clid=bd3c53e2a2b14789ad46df7c0297b970 IE - HKU\S-1-5-21-3268160211-647110919-3188366877-1000\..\SearchScopes\{CD09AE05-6910-4D94-B5D1-A81ECA20A71B}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} IE - HKU\S-1-5-21-3268160211-647110919-3188366877-1000\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q={searchTerms}&crm=1&toolbar=PD IE - HKU\S-1-5-21-3268160211-647110919-3188366877-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3268160211-647110919-3188366877-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll () FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.633: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.633: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.633: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.633: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Brandon\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( ) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.6.0.32\IPSFFPlgn\ [2011/08/06 00:09:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/03/31 20:37:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/19 01:27:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/04 20:56:47 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/19 01:27:09 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/04 20:56:47 | 000,000,000 | ---D | M] [2010/07/27 20:30:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brandon\AppData\Roaming\Mozilla\Extensions [2009/03/08 18:14:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brandon\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org [2011/08/17 23:56:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\8j4nx1y8.default\extensions [2011/04/05 17:48:41 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\8j4nx1y8.default\extensions\{d699e99b-d6cb-4a13-aff6-a49941fb34d8} [2012/07/13 14:49:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\g6jhj5ri.default\extensions [2010/07/28 21:23:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\g6jhj5ri.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012/07/13 14:49:32 | 000,000,000 | ---D | M] (Website Hit Counters Community Toolbar) -- C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\g6jhj5ri.default\extensions\{65056c24-1bd2-4a50-844a-20ee6ab19187} [2012/07/12 00:03:50 | 000,000,000 | ---D | M] (AOL Toolbar) -- C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\g6jhj5ri.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1} [2011/08/04 16:06:54 | 000,000,000 | ---D | M] (BlockSite) -- C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\g6jhj5ri.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2012/07/11 12:37:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/07/19 01:27:09 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2004/07/02 14:51:00 | 000,327,904 | ---- | M] (Macromedia, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\np32asw.dll [2004/07/02 14:51:00 | 000,327,904 | ---- | M] (Macromedia, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\np32asw.dll [2012/04/03 21:58:36 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012/06/14 18:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/06/14 18:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2011/08/18 00:35:24 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\17.9.0.12\ipsbho.dll (Symantec Corporation) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe () O4 - HKLM..\Run: [iTunesHelper] D:\iTunesHelper.exe (Apple Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3268160211-647110919-3188366877-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3268160211-647110919-3188366877-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0) O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} http://download.macromedia.com/pub/shockwave/cabs/authorware/awswaxf.cab (Macromedia Authorware Web Player Control) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{34AEEEB9-D965-46C9-8533-D3AF1705D6D3}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC602071-B493-4C3A-98A8-BAB07C14E525}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Brandon\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O24 - Desktop BackupWallPaper: C:\Users\Brandon\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012/08/04 10:05:15 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Brandon\Desktop\dds(1).scr [2012/08/03 21:42:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/08/03 21:42:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/08/03 20:52:58 | 000,027,256 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\FixZeroAccess.sys [2012/08/03 18:16:55 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\NPE [2012/08/03 16:13:18 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA% [2012/07/13 15:23:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012/07/13 15:23:00 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE [2012/07/13 15:21:47 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012/07/13 15:21:42 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012/07/13 15:21:42 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} [2012/07/13 15:19:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update [2012/07/13 15:15:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple [2012/07/13 15:14:33 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2012/07/13 15:14:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour [2012/07/11 12:41:34 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape [2012/07/11 12:37:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012/07/11 12:37:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2012/07/11 12:23:00 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012/07/11 00:19:20 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Roaming\YourFileDownloader [2012/07/10 18:52:01 | 000,000,000 | ---D | C] -- C:\Users\Brandon\Desktop\dos [2012/07/06 11:42:28 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\Macromedia [2012/07/06 11:33:12 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Brandon\Desktop\*.tmp files -> C:\Users\Brandon\Desktop\*.tmp -> ] [1 C:\Users\Brandon\AppData\Local\*.tmp files -> C:\Users\Brandon\AppData\Local\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/08/05 11:13:57 | 000,144,960 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012/08/05 11:13:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/08/05 11:13:46 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012/08/05 11:13:46 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012/08/05 01:01:52 | 000,000,024 | ---- | M] () -- C:\Users\Brandon\random.dat [2012/08/05 00:40:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/08/04 23:22:36 | 000,000,024 | ---- | M] () -- C:\Users\Brandon\jagexappletviewer.preferences [2012/08/04 21:45:10 | 000,000,032 | ---- | M] () -- C:\Users\Brandon\jagex_cl_runescape_LIVE.dat [2012/08/04 21:38:57 | 000,000,512 | ---- | M] () -- C:\Users\Brandon\Desktop\MBR.dat [2012/08/04 21:32:49 | 000,144,960 | ---- | M] () -- C:\ProgramData\nvModes.dat [2012/08/04 21:32:29 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe [2012/08/04 21:31:50 | 4294,037,504 | -HS- | M] () -- C:\hiberfil.sys [2012/08/04 21:30:33 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012/08/04 10:05:18 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Brandon\Desktop\dds(1).scr [2012/08/03 21:42:18 | 000,000,915 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/08/03 21:26:19 | 000,002,523 | ---- | M] () -- C:\Users\Brandon\Desktop\HiJackThis.lnk [2012/08/03 20:52:58 | 000,027,256 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\FixZeroAccess.sys [2012/08/02 22:28:06 | 000,060,416 | ---- | M] () -- C:\Users\Brandon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/08/02 02:28:37 | 228,952,606 | ---- | M] () -- C:\Users\Brandon\Desktop\MVI_1175.AVI [2012/08/02 01:38:04 | 000,175,443 | ---- | M] () -- C:\Users\Brandon\Desktop\me.jpg [2012/08/01 07:48:15 | 000,039,498 | ---- | M] () -- C:\Users\Brandon\Desktop\image223.jpg [2012/07/31 14:45:52 | 000,206,196 | ---- | M] () -- C:\Users\Brandon\Desktop\99-3.jpg [2012/07/31 14:39:22 | 000,140,118 | ---- | M] () -- C:\Users\Brandon\Desktop\99-2.jpg [2012/07/31 14:38:48 | 000,179,777 | ---- | M] () -- C:\Users\Brandon\Desktop\99.jpg [2012/07/31 12:44:30 | 000,897,600 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/07/31 12:44:30 | 000,741,734 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/07/31 12:44:30 | 000,158,284 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/07/28 14:27:50 | 000,000,051 | ---- | M] () -- C:\Users\Brandon\jagex_cl_runescape_LIVE_BETA.dat [2012/07/17 12:41:49 | 000,354,816 | ---- | M] () -- C:\Users\Brandon\Desktop\Round3.pub [2012/07/17 12:37:02 | 000,262,815 | ---- | M] () -- C:\Users\Brandon\Desktop\Picture1.jpg [2012/07/17 03:20:51 | 000,000,935 | ---- | M] () -- C:\Users\Brandon\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk [2012/07/16 11:10:22 | 000,300,484 | ---- | M] () -- C:\Users\Brandon\Desktop\Round3.zip [2012/07/13 15:23:08 | 000,001,313 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012/07/12 17:12:13 | 000,029,349 | ---- | M] () -- C:\Users\Brandon\Desktop\image311.jpg [2012/07/12 00:59:28 | 000,056,300 | ---- | M] () -- C:\Users\Brandon\Desktop\tn.jpg [2012/07/11 12:41:34 | 000,001,893 | ---- | M] () -- C:\Users\Brandon\Desktop\RuneScape.lnk [2012/07/11 12:37:20 | 000,000,879 | ---- | M] () -- C:\Users\Brandon\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2012/07/11 12:37:20 | 000,000,855 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012/07/11 03:28:15 | 000,436,168 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/07/10 23:16:20 | 000,000,845 | ---- | M] () -- C:\Users\Brandon\.recently-used.xbel [2012/07/06 22:34:38 | 000,000,680 | ---- | M] () -- C:\Users\Brandon\AppData\Local\d3d9caps.dat [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Brandon\Desktop\*.tmp files -> C:\Users\Brandon\Desktop\*.tmp -> ] [1 C:\Users\Brandon\AppData\Local\*.tmp files -> C:\Users\Brandon\AppData\Local\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/08/04 21:38:57 | 000,000,512 | ---- | C] () -- C:\Users\Brandon\Desktop\MBR.dat [2012/08/04 21:32:56 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{695283d7-3299-f0eb-65f2-3e18cdd08f4d}\U\00000008.@ [2012/08/04 21:32:47 | 000,092,672 | ---- | C] () -- C:\Windows\Installer\{695283d7-3299-f0eb-65f2-3e18cdd08f4d}\U\80000032.@ [2012/08/04 10:11:07 | 000,000,673 | ---- | C] () -- C:\Windows\Installer\{695283d7-3299-f0eb-65f2-3e18cdd08f4d}\L\00000004.@ [2012/08/03 21:42:17 | 000,000,915 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/08/03 16:06:35 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{695283d7-3299-f0eb-65f2-3e18cdd08f4d}\U\80000064.@ [2012/08/03 16:06:01 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{695283d7-3299-f0eb-65f2-3e18cdd08f4d}\U\80000000.@ [2012/08/02 01:38:04 | 000,175,443 | ---- | C] () -- C:\Users\Brandon\Desktop\me.jpg [2012/07/31 14:45:51 | 000,206,196 | ---- | C] () -- C:\Users\Brandon\Desktop\99-3.jpg [2012/07/31 14:39:21 | 000,140,118 | ---- | C] () -- C:\Users\Brandon\Desktop\99-2.jpg [2012/07/31 14:38:48 | 000,179,777 | ---- | C] () -- C:\Users\Brandon\Desktop\99.jpg [2012/07/27 18:10:32 | 000,039,498 | ---- | C] () -- C:\Users\Brandon\Desktop\image223.jpg [2012/07/16 11:27:03 | 000,262,815 | ---- | C] () -- C:\Users\Brandon\Desktop\Picture1.jpg [2012/07/16 11:10:22 | 000,300,484 | ---- | C] () -- C:\Users\Brandon\Desktop\Round3.zip [2012/07/13 15:23:08 | 000,001,313 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012/07/12 17:12:12 | 000,029,349 | ---- | C] () -- C:\Users\Brandon\Desktop\image311.jpg [2012/07/12 14:27:24 | 228,952,606 | ---- | C] () -- C:\Users\Brandon\Desktop\MVI_1175.AVI [2012/07/12 00:59:28 | 000,056,300 | ---- | C] () -- C:\Users\Brandon\Desktop\tn.jpg [2012/07/11 22:32:23 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/07/11 12:42:12 | 000,000,024 | ---- | C] () -- C:\Users\Brandon\jagexappletviewer.preferences [2012/07/11 12:41:34 | 000,001,923 | ---- | C] () -- C:\Users\Brandon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape.lnk [2012/07/11 12:41:34 | 000,001,893 | ---- | C] () -- C:\Users\Brandon\Desktop\RuneScape.lnk [2012/07/11 12:37:20 | 000,000,867 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012/07/10 23:16:20 | 000,000,845 | ---- | C] () -- C:\Users\Brandon\.recently-used.xbel [2012/07/10 23:05:36 | 000,354,816 | ---- | C] () -- C:\Users\Brandon\Desktop\Round3.pub [2012/06/27 15:20:17 | 000,000,047 | ---- | C] () -- C:\Users\Brandon\jagex_cl_runescape_LIVE1.dat [2012/06/27 14:51:55 | 000,000,051 | ---- | C] () -- C:\Users\Brandon\jagex_cl_runescape_LIVE_BETA.dat [2012/06/27 14:51:55 | 000,000,024 | ---- | C] () -- C:\Users\Brandon\random.dat [2012/03/03 23:28:11 | 000,000,038 | ---- | C] () -- C:\Users\Brandon\.gtk-bookmarks [2012/01/12 19:57:13 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\ZLIB.DLL [2012/01/11 13:30:12 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{695283d7-3299-f0eb-65f2-3e18cdd08f4d}\@ [2012/01/11 13:30:12 | 000,002,048 | -HS- | C] () -- C:\Users\Brandon\AppData\Local\{695283d7-3299-f0eb-65f2-3e18cdd08f4d}\@ [2012/01/09 00:16:16 | 000,011,520 | -HS- | C] () -- C:\Users\Brandon\AppData\Local\488o5v2e4050 [2012/01/09 00:16:16 | 000,011,520 | -HS- | C] () -- C:\ProgramData\488o5v2e4050 [2011/10/25 22:12:16 | 000,000,032 | ---- | C] () -- C:\Users\Brandon\jagex_cl_runescape_LIVE.dat [2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011/09/11 00:27:17 | 000,000,552 | ---- | C] () -- C:\Users\Brandon\AppData\Local\d3d8caps.dat [2011/08/22 12:53:44 | 000,000,732 | ---- | C] () -- C:\Users\Brandon\AppData\Local\d3d9caps64.dat [2011/08/17 23:37:20 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2011/08/17 23:37:20 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2011/08/17 23:37:20 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011/08/17 23:37:20 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011/08/17 23:37:20 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011/08/17 22:57:01 | 000,000,000 | ---- | C] () -- C:\Users\Brandon\defogger_reenable [2011/08/10 12:04:33 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2011/08/10 12:03:58 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2011/08/10 12:03:09 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin [2011/07/19 15:26:12 | 000,000,284 | ---- | C] () -- C:\Users\Brandon\AppData\Roaming\DelAll.bat [2011/04/18 21:57:22 | 000,895,502 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/04/05 21:25:59 | 000,011,348 | -HS- | C] () -- C:\Users\Brandon\AppData\Local\gu5xia0g22np28wlt72rb0t5l8t4a8tira5n6fwk2fyvna [2011/04/05 21:25:59 | 000,011,348 | -HS- | C] () -- C:\ProgramData\gu5xia0g22np28wlt72rb0t5l8t4a8tira5n6fwk2fyvna [2011/04/05 20:30:43 | 000,000,020 | ---- | C] () -- C:\ProgramData\48f9f634 [2011/04/05 17:49:15 | 000,001,185 | ---- | C] () -- C:\ProgramData\1745062479 [2011/04/05 17:49:01 | 000,000,144 | -HS- | C] () -- C:\ProgramData\1210687843 [2010/06/28 23:00:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010/05/09 12:22:54 | 000,000,040 | ---- | C] () -- C:\Users\Brandon\jagex__preferences3.dat [2009/09/07 01:06:05 | 000,000,129 | ---- | C] () -- C:\Users\Brandon\jagex_runescape_preferences2.dat [2009/01/19 16:46:37 | 000,144,960 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009/01/19 08:59:00 | 000,144,960 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009/01/19 00:02:45 | 000,000,680 | ---- | C] () -- C:\Users\Brandon\AppData\Local\d3d9caps.dat [2009/01/03 22:40:37 | 000,060,416 | ---- | C] () -- C:\Users\Brandon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/01/03 08:42:01 | 000,000,046 | ---- | C] () -- C:\Users\Brandon\jagex_runescape_preferences.dat ========== LOP Check ========== [2009/01/19 16:47:15 | 000,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\agi [2012/02/27 22:40:41 | 000,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\Atari [2010/06/13 22:11:49 | 000,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\Facebook [2012/07/18 12:30:27 | 000,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\FileZilla [2012/08/03 18:03:32 | 000,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\FrostWire [2012/07/10 23:16:20 | 000,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\gtk-2.0 [2009/03/16 20:10:20 | 000,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\Humanbalance [2011/06/08 00:41:29 | 000,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\KompoZer [2012/02/27 22:15:32 | 000,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\Leadertech [2012/01/12 19:59:14 | 000,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\Likno Software [2012/07/29 20:49:03 | 000,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\LimeWire [2010/07/01 01:39:04 | 000,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\Music Recognition [2011/09/10 18:33:09 | 000,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\OpenCandy [2009/09/01 01:21:00 | 000,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\River Past G5 [2011/05/25 11:00:35 | 000,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\Screaming Bee [2011/04/05 16:48:33 | 000,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\Tific [2011/08/08 16:06:47 | 000,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\wargaming.net [2012/07/11 00:19:20 | 000,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\YourFileDownloader [2012/08/04 21:30:33 | 000,032,616 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 64 bytes -> C:\Users\Brandon\Desktop\MVI_1175.AVI:TOC.WMV < End of report > Extras.txt: OTL Extras logfile created on: 8/5/2012 11:19:23 AM - Run 1 OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Brandon\Downloads 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 4.00 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 43.01% Memory free 8.17 Gb Paging File | 5.89 Gb Available in Paging File | 72.03% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 116.44 Gb Total Space | 1.29 Gb Free Space | 1.11% Space Free | Partition Type: NTFS Drive D: | 105.71 Gb Total Space | 89.95 Gb Free Space | 85.10% Space Free | Partition Type: NTFS Computer Name: BRANDON-PC | User Name: Brandon | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) [HKEY_USERS\S-1-5-21-3268160211-647110919-3188366877-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data] "VistaSp2" = 28 EE 12 4D 7D 57 CC 01 [binary data] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0F7861E5-3B24-33CA-AECF-B5477194CEEB}" = Windows Phone Emulator x64 - ENU "{1686C4D1-B1FD-42E8-B7A8-FB4C4DBA5BA8}" = ASUS Power4Gear eXtreme "{2180B33F-3225-423E-BBC1-7798CFD3CD1F}" = Microsoft SQL Server 2008 R2 Native Client "{234F6B0D-10AE-4BB7-B2F3-E48D4861952D}" = SQL Server 2008 R2 Common Files "{26A24AE4-039D-4CA4-87B4-2F86417000FF}" = Java 7 (64-bit) "{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}" = Microsoft SQL Server VSS Writer "{36F70DEE-1EBF-4707-AFA2-E035EEAEBAA1}" = SQL Server 2008 R2 Common Files "{3B9C0F4A-490F-41AC-8C4A-F4A609E894B3}" = Likno Web Tabs Builder 2.0.206 "{64A3A4F4-B792-11D6-A78A-00B0D0170000}" = Java SE Development Kit 7 (64-bit) "{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support "{6D10FB2C-82A9-40F2-91D0-7BE64CF0DAF2}" = Microsoft SQL Server 2008 R2 Setup (English) "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{70E8EBD5-78C9-4258-B20A-5098CCA000F0}" = Dolby Control Center "{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{90A80D89-A0E4-33C1-B13D-B93CB3496867}" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU "{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{A2122A9C-A699-4365-ADF8-68FEAC125D61}" = SQL Server 2008 R2 Database Engine Shared "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{BB57A765-FFFE-498B-8C1E-6C9CE2AB92BA}" = Microsoft SQL Server 2008 R2 RsFx Driver "{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU "{C942A025-A840-4BF2-8987-849C0DD44574}" = SQL Server 2008 R2 Database Engine Shared "{CC4878C0-4A6A-49CD-AAA7-DD3FCB06CC84}" = Microsoft Web Platform Installer 3.0 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU "{DFB3AD2B-4EE2-3077-BF1D-3CA164BC5336}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu "{F31183CF-E10F-4DE1-BB59-6C0FF38E481E}" = Sql Server Customer Experience Improvement Program "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F5C819A5-E068-4f7d-B91A-1BD18702AFFB}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32 "{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = SQL Server 2008 R2 Database Engine Services "{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = SQL Server 2008 R2 Database Engine Services "{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0 "jEdit_is1" = jEdit 4.3.2 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0 "Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2 (64-bit) "Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2 (64-bit) "Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "SynTPDeinstKey" = Synaptics Pointing Device Driver "USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{01C79EF3-DE84-4B56-B638-8BEA0D507506}" = Microsoft XNA Game Studio 4.0 (XnaLiveProxy) "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{05855322-BE43-41FE-B583-D3AE0C326D58}" = Microsoft Silverlight 4 SDK "{0666E46E-A860-4353-BE6D-13AA72FABB57}" = Microsoft XNA Game Studio Platform Tools "{08C84CC6-E7FD-4B2D-BBF9-B02CC90EE031}" = Microsoft XNA Game Studio 4.0 (Shared Components) "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology "{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English "{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1 "{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime "{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools "{1C997E1C-5CE9-4AF3-AAA9-DC65E6090827}" = Microsoft Expression Blend SDK for Silverlight 4 "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3 "{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks v.0.6.5 "{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK "{256E7DAC-9BE8-494E-8DE7-7857BF96B774}" = Microsoft Expression Blend 3 SDK "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31 "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types "{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0 "{2C3AB990-1F33-3D6B-9F34-8D5189FA04D3}" = Windows Phone 7 Add-in for Visual Studio 2010 - ENU "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU "{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2 "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{3F4EB5FE-B5BE-4069-A5A8-6D9262E1B379}" = Microsoft XNA Game Studio 4.0 Documentation "{40580068-9B10-40B5-9548-536CE88AB23C}" = ITECIR "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4C6D5779-A766-45DF-9938-D6F595A66F2B}" = Microsoft Expression Blend 4 "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects "{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries "{558358E5-E4F3-4374-BA1D-26FF39EF87D9}" = Microsoft Silverlight Tools for Visual Studio 2010 "{57B15AD4-8C9D-4164-82BB-E33D8644E757}" = ASUS InstantFun "{59F24743-2EA1-3A45-B8C2-6E0E1E078FA8}" = Microsoft Visual C# 2010 Express - ENU "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01 "{5D87C09F-512F-474A-A306-0FE3B89C396F}" = RuneScape Launcher 1.2 "{5DDF31D2-63BB-4268-895B-FB05A82A1C00}" = Microsoft XNA Game Studio 4.0 Windows Phone Extensions "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{68BD57D3-D606-411E-A7E0-3EB6EA5660F6}" = Microsoft XNA Game Studio 4.0 (Redists) "{69E11501-75F7-4ACE-8103-52513DDCFE26}" = Microsoft Expression Blend SDK for Windows Phone 7 "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{73BE04D9-BA0E-4BAF-9C9D-677278BDB3DC}" = Microsoft XNA Game Studio 4.0 (ARP entry) "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2 "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C496FBF-DB4A-468D-A3A1-15E127382218}" = Microsoft XNA Game Studio 4.0 (Visual Studio) "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3 Platinum "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B3A1C97-A361-463E-8817-444F9F88CDFE}" = Microsoft Expression Blend SDK for .NET 4 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A29C5DD5-B21E-474F-AA96-6A7FC0B2B248}" = Microsoft Expression Blend 4 Add-in for Adobe FXG Import "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0) "{B86149D3-18A2-41FD-A153-60AF944E47FE}" = Microsoft Windows Phone 7 Developer Resources "{BF9BF038-FE03-429D-9B26-2FA0FD756052}" = Microsoft SQL Server Browser "{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX "{CFB91CB0-17D9-44EB-BFB2-5307AB7E7DDC}" = Microsoft Visual Studio 2010 Express for Windows Phone - ENU "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack "{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media "{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}" = Google SketchUp 8 "{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service "{DD622B1D-A78E-3FE8-9C8C-246F5764B0D0}" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU "{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update "{ED784556-66AA-3F17-9B58-7246ACB5C7E4}" = Microsoft Visual Basic 2010 Express - ENU "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com "{FA02ACAC-9E14-4878-A257-92A22A647C2C}" = LG USB Modem Drivers "3Impact_is1" = 3Impact "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player "AVS Update Manager_is1" = AVS Update Manager 1.0 "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3 "AVS4YOU Video Converter 6_is1" = AVS Video Converter 6 "Blend_4.0.20901.0" = Microsoft Expression Blend 4 "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "CSS Tab Designer_is1" = CSS Tab Designer v2.0 "DVD Flick_is1" = DVD Flick 1.3.0.7 "ENTERPRISER" = Microsoft Office Enterprise 2007 "FileZilla Client" = FileZilla Client 3.5.3 "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300 "Microsoft Visual Basic 2008 Express Edition with SP1 - ENU" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU "Microsoft Visual Basic 2010 Express - ENU" = Microsoft Visual Basic 2010 Express - ENU "Microsoft Visual C# 2010 Express - ENU" = Microsoft Visual C# 2010 Express - ENU "Microsoft Visual Studio 2010 Express for Windows Phone - ENU" = Microsoft Windows Phone Developer Tools - ENU "Monopoly" = Monopoly "Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "NAV" = Norton AntiVirus "RealPlayer 12.0" = RealPlayer "SMSCaster E-Marketer GSM Standard_is1" = SMSCaster E-Marketer GSM Standard v3.7 "SoftwareUpdUtility" = Download Updater (AOL LLC) "Steam App 550" = Left 4 Dead 2 "Steam App 564" = Left 4 Dead 2 Add-on Support "Tiled" = Tiled - Tiled Map Editor "VLC media player" = VLC media player 1.0.1 "WinGimp-2.0_is1" = GIMP 2.6.11 "WinRAR archiver" = WinRAR 4.01 (32-bit) "XNA Game Studio 4.0" = Microsoft XNA Game Studio 4.0 "YTdetect" = Yahoo! Detect ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3268160211-647110919-3188366877-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Amazon Kindle" = Amazon Kindle "b917815c58cec9aa" = WindowsApplication1 "Facebook Plug-In" = Facebook Plug-In ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 8/5/2012 1:08:27 AM | Computer Name = Brandon-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 8/5/2012 1:08:27 AM | Computer Name = Brandon-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 11778 Error - 8/5/2012 1:08:27 AM | Computer Name = Brandon-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 11778 Error - 8/5/2012 1:08:28 AM | Computer Name = Brandon-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 8/5/2012 1:08:28 AM | Computer Name = Brandon-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 12807 Error - 8/5/2012 1:08:28 AM | Computer Name = Brandon-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 12807 Error - 8/5/2012 1:08:29 AM | Computer Name = Brandon-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 8/5/2012 1:08:29 AM | Computer Name = Brandon-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 13806 Error - 8/5/2012 1:08:29 AM | Computer Name = Brandon-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 13806 Error - 8/5/2012 11:18:02 AM | Computer Name = Brandon-PC | Source = Windows Search Service | ID = 3013 Description = [ Media Center Events ] Error - 10/11/2009 11:42:13 PM | Computer Name = Brandon-PC | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule. [ System Events ] Error - 9/16/2010 3:04:50 AM | Computer Name = Brandon-PC | Source = Service Control Manager | ID = 7009 Description = Error - 9/16/2010 3:04:50 AM | Computer Name = Brandon-PC | Source = Service Control Manager | ID = 7000 Description = Error - 9/16/2010 3:04:50 AM | Computer Name = Brandon-PC | Source = Service Control Manager | ID = 7009 Description = Error - 9/16/2010 3:04:50 AM | Computer Name = Brandon-PC | Source = Service Control Manager | ID = 7000 Description = Error - 9/16/2010 3:26:53 AM | Computer Name = Brandon-PC | Source = HTTP | ID = 15016 Description = Error - 9/16/2010 3:28:54 AM | Computer Name = Brandon-PC | Source = Service Control Manager | ID = 7009 Description = Error - 9/16/2010 3:28:54 AM | Computer Name = Brandon-PC | Source = Service Control Manager | ID = 7000 Description = Error - 9/16/2010 3:29:17 AM | Computer Name = Brandon-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 9/16/2010 6:59:40 AM | Computer Name = Brandon-PC | Source = volsnap | ID = 393251 Description = The shadow copies of volume C: were aborted because the shadow copy storage failed to grow. Error - 9/21/2010 8:33:31 PM | Computer Name = Brandon-PC | Source = EventLog | ID = 6008 Description = The previous system shutdown at 7:37:21 AM on 9/16/2010 was unexpected. < End of report >

Malewarebytes log: Malwarebytes Anti-Malware (Trial) 1.62.0.1300 www.malwarebytes.org Database version: v2012.08.04.10 Windows Vista Service Pack 2 x64 NTFS Internet Explorer 9.0.8112.16421 Brandon :: BRANDON-PC [administrator] Protection: Enabled 8/4/2012 8:58:27 PM mbam-log-2012-08-04 (20-58-27).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 199085 Time elapsed: 11 minute(s), 19 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 2 C:\Windows\Installer\{695283d7-3299-f0eb-65f2-3e18cdd08f4d}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully. C:\Windows\Installer\{695283d7-3299-f0eb-65f2-3e18cdd08f4d}\U\80000032.@ (Rootkit.0Access) -> Quarantined and deleted successfully. (end) aswMBR log: aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software Run date: 2012-08-04 21:36:52 ----------------------------- 21:36:52.008 OS Version: Windows x64 6.0.6002 Service Pack 2 21:36:52.008 Number of processors: 2 586 0xF0D 21:36:52.008 ComputerName: BRANDON-PC UserName: Brandon 21:36:53.365 Initialize success 21:37:06.072 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 21:37:06.087 Disk 0 Vendor: ST925082 3.AA Size: 238475MB BusType: 3 21:37:06.134 Disk 0 MBR read successfully 21:37:06.134 Disk 0 MBR scan 21:37:06.150 Disk 0 unknown MBR code 21:37:06.181 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 10997 MB offset 63 21:37:06.212 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 119232 MB offset 22523130 21:37:06.228 Disk 0 Partition - 00 0F Extended LBA 108244 MB offset 266711280 21:37:06.290 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 108244 MB offset 266711324 21:37:06.352 Disk 0 scanning C:\Windows\system32\drivers 21:37:25.260 Service scanning 21:38:31.385 Modules scanning 21:38:31.395 Disk 0 trace - called modules: 21:38:31.425 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys iaStor.sys hal.dll 21:38:31.775 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004f0e790] 21:38:31.785 3 CLASSPNP.SYS[fffffa60011cfc33] -> nt!IofCallDriver -> [0xfffffa8004bac330] 21:38:31.795 5 acpi.sys[fffffa60008f5fde] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004bb5050] 21:38:31.805 Scan finished successfully 21:38:57.651 Disk 0 MBR has been saved successfully to "C:\Users\Brandon\Desktop\MBR.dat" 21:38:57.659 The log file has been saved successfully to "C:\Users\Brandon\Desktop\aswMBR.txt" DDS log: . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31 Run by Brandon at 21:39:42 on 2012-08-04 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.2021 [GMT -4:00] . AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe C:\Program Files\ATKGFNEX\GFNEXSrv.exe C:\Windows\system32\taskeng.exe C:\Windows\System32\spoolsv.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe C:\Program Files (x86)\Norton AntiVirus\Engine\17.9.0.12\ccSvcHst.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\Norton AntiVirus\Engine\17.9.0.12\ccSvcHst.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe C:\Program Files (x86)\ASUS\ATK Hotkey\MsgTranAgt64.exe C:\Windows\servicing\TrustedInstaller.exe C:\Program Files\Wireless Console 2\wcourier.exe C:\Program Files (x86)\ASUS\Splendid\ACMON.exe C:\Program Files\P4G\BatteryLife.exe C:\Windows\SysWOW64\ACEngSvr.exe C:\Windows\SysWOW64\DllHost.exe C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe C:\Windows\RAVCpl64.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe D:\iTunesHelper.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Users\Brandon\Downloads\aswMBR.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe "C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\NOTEPAD.EXE C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\conime.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://oc-startpage.aol.com/ uInternet Settings,ProxyOverride = *.local BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton AntiVirus\Engine\17.9.0.12\IPSBHO.DLL BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" mRun: [P2Go_Menu] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [iTunesHelper] "D:\iTunesHelper.exe" mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray dRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL LSP: mswsock.dll DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://download.macromedia.com/pub/shockwave/cabs/authorware/awswaxf.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 192.168.0.1 TCP: Interfaces\{34AEEEB9-D965-46C9-8533-D3AF1705D6D3} : DhcpNameServer = 192.168.0.1 TCP: Interfaces\{FC602071-B493-4C3A-98A8-BAB07C14E525} : DhcpNameServer = 192.168.0.1 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe" BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO-X64: 0x1 - No File BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\17.9.0.12\IPSBHO.DLL BHO-X64: Symantec Intrusion Prevention - No File BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" mRun-x64: [P2Go_Menu] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [iTunesHelper] "D:\iTunesHelper.exe" mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\g6jhj5ri.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-opencandy-chromesbox-en-us&tb_uuid=20110910223317895&tb_oid=11-09-2011&tb_mrud=11-09-2011 FF - prefs.js: browser.startup.homepage - google.com FF - prefs.js: network.proxy.type - 0 FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.6.0.32\IPSFFPlgn\components\IPSFFPl.dll FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll FF - component: C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\g6jhj5ri.default\extensions\{65056c24-1bd2-4a50-844a-20ee6ab19187}\components\RadioWMPCore.dll FF - component: C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\g6jhj5ri.default\extensions\{65056c24-1bd2-4a50-844a-20ee6ab19187}\components\RadioWMPCoreGecko19.dll FF - component: C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\g6jhj5ri.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}\components\MailUtil.dll FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\np32asw.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll FF - plugin: C:\Program Files\Microsoft\Web Platform Installer\NPWPIDetector.dll FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll FF - plugin: C:\Users\Brandon\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll FF - plugin: D:\Mozilla Plugins\npitunes.dll . ---- FIREFOX POLICIES ---- FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, true ============= SERVICES / DRIVERS =============== . R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NAVx64\1109000.00C\SYMDS64.SYS --> C:\Windows\system32\drivers\NAVx64\1109000.00C\SYMDS64.SYS [?] R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NAVx64\1109000.00C\SYMEFA64.SYS --> C:\Windows\system32\drivers\NAVx64\1109000.00C\SYMEFA64.SYS [?] R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.6.0.32\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [2012-7-14 1161376] R1 ccHP;Symantec Hash Provider;C:\Windows\system32\drivers\NAVx64\1109000.00C\ccHPx64.sys --> C:\Windows\system32\drivers\NAVx64\1109000.00C\ccHPx64.sys [?] R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.6.0.32\Definitions\IPSDefs\20120713.001\IDSviA64.sys [2012-7-13 509088] R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NAVx64\1109000.00C\Ironx64.SYS --> C:\Windows\system32\drivers\NAVx64\1109000.00C\Ironx64.SYS [?] R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\system32\Drivers\NAVx64\1109000.00C\SYMTDIV.SYS --> C:\Windows\system32\Drivers\NAVx64\1109000.00C\SYMTDIV.SYS [?] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952] R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2008-9-22 14904] R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-3 655944] R2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\17.9.0.12\ccsvchst.exe [2011-12-17 126400] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-6-28 138912] R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?] R3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\system32\drivers\ScreamingBAudio64.sys --> C:\Windows\system32\drivers\ScreamingBAudio64.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-11 250056] S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-7-11 113120] S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768] S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2011-8-10 89920] S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744] S4 RsFx0150;RsFx0150 Driver;C:\Windows\system32\DRIVERS\RsFx0150.sys --> C:\Windows\system32\DRIVERS\RsFx0150.sys [?] S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-4-3 428384] . =============== File Associations =============== . JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %* . =============== Created Last 30 ================ . 2012-08-04 01:42:16 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-08-04 00:52:58 27256 ----a-w- C:\Windows\System32\drivers\FixZeroAccess.sys 2012-08-03 22:16:55 -------- d-----w- C:\Users\Brandon\AppData\Local\NPE 2012-08-03 20:13:18 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA% 2012-07-13 19:23:00 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys 2012-07-13 19:23:00 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll 2012-07-13 19:23:00 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll 2012-07-13 19:21:47 -------- d-----w- C:\Program Files\iPod 2012-07-13 19:21:42 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} 2012-07-13 19:21:42 -------- d-----w- C:\Program Files\iTunes 2012-07-13 19:14:33 -------- d-----w- C:\Program Files\Bonjour 2012-07-13 19:14:33 -------- d-----w- C:\Program Files (x86)\Bonjour 2012-07-12 02:32:22 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-07-11 07:03:56 2769408 ----a-w- C:\Windows\System32\win32k.sys 2012-07-11 04:19:20 -------- d-----w- C:\Users\Brandon\AppData\Roaming\YourFileDownloader 2012-07-11 01:54:09 974848 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll 2012-07-11 01:54:09 708608 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll 2012-07-11 01:54:05 1869824 ----a-w- C:\Windows\System32\msxml3.dll 2012-07-11 01:54:05 1797120 ----a-w- C:\Windows\System32\msxml6.dll 2012-07-11 01:54:04 1401856 ----a-w- C:\Windows\SysWow64\msxml6.dll 2012-07-11 01:54:04 1248768 ----a-w- C:\Windows\SysWow64\msxml3.dll 2012-07-11 01:54:02 77312 ----a-w- C:\Windows\SysWow64\secur32.dll 2012-07-11 01:54:02 516480 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2012-07-11 01:54:02 347136 ----a-w- C:\Windows\System32\schannel.dll 2012-07-11 01:54:02 278528 ----a-w- C:\Windows\SysWow64\schannel.dll 2012-07-11 01:54:02 254464 ----a-w- C:\Windows\System32\ncrypt.dll 2012-07-11 01:54:02 204288 ----a-w- C:\Windows\SysWow64\ncrypt.dll 2012-07-06 18:03:49 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-06 15:42:28 -------- d-----w- C:\Users\Brandon\AppData\Local\Macromedia . ==================== Find3M ==================== . 2012-08-05 01:32:29 45056 ----a-w- C:\Windows\System32\acovcnt.exe 2012-07-03 17:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-06-02 22:12:13 88576 ----a-w- C:\Windows\SysWow64\wudriver.dll 2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2012-06-02 19:19:42 171904 ----a-w- C:\Windows\SysWow64\wuwebv.dll 2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-06-02 19:12:20 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe 2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll 2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb . ============= FINISH: 21:42:16.14 =============== I am not sure if you need attach.txt but here it is: Attach.txt . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft® Windows Vista™ Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 9/22/2008 8:39:42 PM System Uptime: 8/4/2012 9:31:17 PM (0 hours ago) . Motherboard: ASUSTeK Computer Inc. | | N80Vb Processor: Intel® Core2 Duo CPU T5800 @ 2.00GHz | Socket 478 | 2000/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 116 GiB total, 1.581 GiB free. D: is FIXED (NTFS) - 106 GiB total, 89.954 GiB free. E: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . No restore point in system. . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) 3Impact Acrobat.com Activation Assistant for the 2007 Microsoft Office suites Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.0) Adobe Shockwave Player Amazon Kindle Apple Application Support Apple Software Update ASUS InstantFun ASUS LifeFrame3 ASUS Live Update ASUS SmartLogon ASUS Splendid Video Enhancement Technology ATK Generic Function Service ATK Hotkey ATK Media ATKOSD2 AVS Update Manager 1.0 AVS Video Converter 6 AVS4YOU Software Navigator 1.3 CSS Tab Designer v2.0 CyberLink LabelPrint CyberLink Power2Go Download Updater (AOL LLC) DVD Flick 1.3.0.7 Facebook Plug-In FileZilla Client 3.5.3 GIMP 2.6.11 Google SketchUp 8 HiJackThis Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB945282) Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946040) Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946308) Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946344) Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947540) Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947789) Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB948127) Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB951708) Hotfix for Microsoft Visual Basic 2010 Express - ENU (KB982218) Hotfix for Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (KB944899) ITECIR Java Auto Updater Java 6 Update 31 Left 4 Dead 2 Left 4 Dead 2 Add-on Support LG USB Modem Drivers LightScribe System Software 1.14.17.1 Malwarebytes Anti-Malware version 1.62.0.1300 Microsoft .NET Framework 4 Multi-Targeting Pack Microsoft Application Error Reporting Microsoft Expression Blend 3 SDK Microsoft Expression Blend 4 Microsoft Expression Blend 4 Add-in for Adobe FXG Import Microsoft Expression Blend SDK for .NET 4 Microsoft Expression Blend SDK for Silverlight 4 Microsoft Expression Blend SDK for Windows Phone 7 Microsoft Games for Windows - LIVE Redistributable Microsoft Games for Windows Marketplace Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft Silverlight 3 SDK Microsoft Silverlight 4 SDK Microsoft Silverlight Tools for Visual Studio 2010 Microsoft SQL Server 2008 R2 Management Objects Microsoft SQL Server Browser Microsoft SQL Server Compact 3.5 SP1 Design Tools English Microsoft SQL Server Compact 3.5 SP2 ENU Microsoft SQL Server System CLR Types Microsoft VC9 runtime libraries Microsoft Visual Basic 2008 Express Edition with SP1 - ENU Microsoft Visual Basic 2010 Express - ENU Microsoft Visual C# 2010 Express - ENU Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU Service Pack 1 (KB945140) Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools Microsoft Visual Studio 2010 Express for Windows Phone - ENU Microsoft Windows Phone 7 Developer Resources Microsoft Windows Phone Developer Tools - ENU Microsoft XNA Framework Redistributable 4.0 Microsoft XNA Game Studio 4.0 Microsoft XNA Game Studio 4.0 (ARP entry) Microsoft XNA Game Studio 4.0 (Redists) Microsoft XNA Game Studio 4.0 (Shared Components) Microsoft XNA Game Studio 4.0 (Visual Studio) Microsoft XNA Game Studio 4.0 (XnaLiveProxy) Microsoft XNA Game Studio 4.0 Documentation Microsoft XNA Game Studio 4.0 Windows Phone Extensions Microsoft XNA Game Studio Platform Tools Monopoly Mozilla Firefox 14.0.1 (x86 en-US) Mozilla Maintenance Service Norton AntiVirus NVIDIA PhysX QuickTime RealNetworks - Microsoft Visual C++ 2008 Runtime RealPlayer Realtek 8169 8168 8101E 8102E Ethernet Driver Realtek High Definition Audio Driver RealUpgrade 1.1 RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01 RollerCoaster Tycoon 3 Platinum RuneScape Launcher 1.2 Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Extended (KB2416472) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition Security Update for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB2251487) Security Update for Microsoft Visual Basic 2010 Express - ENU (KB2251489) Security Update for Microsoft Visual C# 2010 Express - ENU (KB2251489) SMSCaster E-Marketer GSM Standard v3.7 Steam Tiled - Tiled Map Editor Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office Access 2007 Help (KB963663) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Infopath 2007 Help (KB963662) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU VLC media player 1.0.1 Windows Media Player Firefox Plugin Windows Phone 7 Add-in for Visual Studio 2010 - ENU WindowsApplication1 WinRAR 4.01 (32-bit) Wireless Console 2 World of Tanks v.0.6.5 Yahoo! Detect . ==== End Of File ===========================

Alright Thank you! Here is my DDS: . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31 Run by Brandon at 10:07:43 on 2012-08-04 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.1873 [GMT -4:00] . AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe C:\Program Files\ATKGFNEX\GFNEXSrv.exe C:\Windows\system32\taskeng.exe C:\Windows\System32\spoolsv.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe C:\Program Files (x86)\ASUS\ATK Hotkey\MsgTranAgt64.exe C:\Program Files\Wireless Console 2\wcourier.exe C:\Program Files (x86)\ASUS\Splendid\ACMON.exe C:\Program Files\P4G\BatteryLife.exe C:\Windows\SysWOW64\ACEngSvr.exe C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\SearchIndexer.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\SysWOW64\DllHost.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\RAVCpl64.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe D:\iTunesHelper.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe "C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\conime.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://oc-startpage.aol.com/ uInternet Settings,ProxyOverride = *.local BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton AntiVirus\Engine\17.9.0.12\IPSBHO.DLL BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" mRun: [P2Go_Menu] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [iTunesHelper] "D:\iTunesHelper.exe" mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray dRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL LSP: mswsock.dll DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://download.macromedia.com/pub/shockwave/cabs/authorware/awswaxf.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 192.168.0.1 TCP: Interfaces\{34AEEEB9-D965-46C9-8533-D3AF1705D6D3} : DhcpNameServer = 192.168.0.1 TCP: Interfaces\{FC602071-B493-4C3A-98A8-BAB07C14E525} : DhcpNameServer = 192.168.0.1 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe" BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO-X64: 0x1 - No File BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\17.9.0.12\IPSBHO.DLL BHO-X64: Symantec Intrusion Prevention - No File BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" mRun-x64: [P2Go_Menu] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [iTunesHelper] "D:\iTunesHelper.exe" mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\g6jhj5ri.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-opencandy-chromesbox-en-us&tb_uuid=20110910223317895&tb_oid=11-09-2011&tb_mrud=11-09-2011 FF - prefs.js: browser.startup.homepage - google.com FF - prefs.js: network.proxy.type - 0 FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.6.0.32\IPSFFPlgn\components\IPSFFPl.dll FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll FF - component: C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\g6jhj5ri.default\extensions\{65056c24-1bd2-4a50-844a-20ee6ab19187}\components\RadioWMPCore.dll FF - component: C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\g6jhj5ri.default\extensions\{65056c24-1bd2-4a50-844a-20ee6ab19187}\components\RadioWMPCoreGecko19.dll FF - component: C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\g6jhj5ri.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}\components\MailUtil.dll FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\np32asw.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npViewpoint.dll FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll FF - plugin: C:\Program Files\Microsoft\Web Platform Installer\NPWPIDetector.dll FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll FF - plugin: C:\Users\Brandon\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll FF - plugin: D:\Mozilla Plugins\npitunes.dll . ---- FIREFOX POLICIES ---- FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, true ============= SERVICES / DRIVERS =============== . R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NAVx64\1109000.00C\SYMDS64.SYS --> C:\Windows\system32\drivers\NAVx64\1109000.00C\SYMDS64.SYS [?] R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NAVx64\1109000.00C\SYMEFA64.SYS --> C:\Windows\system32\drivers\NAVx64\1109000.00C\SYMEFA64.SYS [?] R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.6.0.32\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [2012-7-14 1161376] R1 ccHP;Symantec Hash Provider;C:\Windows\system32\drivers\NAVx64\1109000.00C\ccHPx64.sys --> C:\Windows\system32\drivers\NAVx64\1109000.00C\ccHPx64.sys [?] R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.6.0.32\Definitions\IPSDefs\20120713.001\IDSviA64.sys [2012-7-13 509088] R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NAVx64\1109000.00C\Ironx64.SYS --> C:\Windows\system32\drivers\NAVx64\1109000.00C\Ironx64.SYS [?] R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\system32\Drivers\NAVx64\1109000.00C\SYMTDIV.SYS --> C:\Windows\system32\Drivers\NAVx64\1109000.00C\SYMTDIV.SYS [?] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952] R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2008-9-22 14904] R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-3 655944] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-6-28 138912] R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?] R3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\system32\drivers\ScreamingBAudio64.sys --> C:\Windows\system32\drivers\ScreamingBAudio64.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\17.9.0.12\ccsvchst.exe [2011-12-17 126400] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-11 250056] S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-7-11 113120] S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768] S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2011-8-10 89920] S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744] S4 RsFx0150;RsFx0150 Driver;C:\Windows\system32\DRIVERS\RsFx0150.sys --> C:\Windows\system32\DRIVERS\RsFx0150.sys [?] S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-4-3 428384] . =============== File Associations =============== . JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %* . =============== Created Last 30 ================ . 2012-08-04 01:42:16 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-08-04 00:52:58 27256 ----a-w- C:\Windows\System32\drivers\FixZeroAccess.sys 2012-08-03 22:16:55 -------- d-----w- C:\Users\Brandon\AppData\Local\NPE 2012-08-03 20:13:18 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA% 2012-07-13 19:23:00 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys 2012-07-13 19:23:00 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll 2012-07-13 19:23:00 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll 2012-07-13 19:21:47 -------- d-----w- C:\Program Files\iPod 2012-07-13 19:21:42 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} 2012-07-13 19:21:42 -------- d-----w- C:\Program Files\iTunes 2012-07-13 19:14:33 -------- d-----w- C:\Program Files\Bonjour 2012-07-13 19:14:33 -------- d-----w- C:\Program Files (x86)\Bonjour 2012-07-12 02:32:22 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-07-11 07:03:56 2769408 ----a-w- C:\Windows\System32\win32k.sys 2012-07-11 04:19:20 -------- d-----w- C:\Users\Brandon\AppData\Roaming\YourFileDownloader 2012-07-11 01:54:09 974848 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll 2012-07-11 01:54:09 708608 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll 2012-07-11 01:54:05 1869824 ----a-w- C:\Windows\System32\msxml3.dll 2012-07-11 01:54:05 1797120 ----a-w- C:\Windows\System32\msxml6.dll 2012-07-11 01:54:04 1401856 ----a-w- C:\Windows\SysWow64\msxml6.dll 2012-07-11 01:54:04 1248768 ----a-w- C:\Windows\SysWow64\msxml3.dll 2012-07-11 01:54:02 77312 ----a-w- C:\Windows\SysWow64\secur32.dll 2012-07-11 01:54:02 516480 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2012-07-11 01:54:02 347136 ----a-w- C:\Windows\System32\schannel.dll 2012-07-11 01:54:02 278528 ----a-w- C:\Windows\SysWow64\schannel.dll 2012-07-11 01:54:02 254464 ----a-w- C:\Windows\System32\ncrypt.dll 2012-07-11 01:54:02 204288 ----a-w- C:\Windows\SysWow64\ncrypt.dll 2012-07-06 18:03:49 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-06 15:42:28 -------- d-----w- C:\Users\Brandon\AppData\Local\Macromedia . ==================== Find3M ==================== . 2012-08-04 01:53:20 45056 ----a-w- C:\Windows\System32\acovcnt.exe 2012-07-03 17:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-06-02 22:12:13 88576 ----a-w- C:\Windows\SysWow64\wudriver.dll 2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2012-06-02 19:19:42 171904 ----a-w- C:\Windows\SysWow64\wuwebv.dll 2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-06-02 19:12:20 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe 2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll 2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb . ============= FINISH: 10:08:50.46 =============== Attach.txt is: . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft® Windows Vista™ Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 9/22/2008 8:39:42 PM System Uptime: 8/4/2012 7:31:05 AM (3 hours ago) . Motherboard: ASUSTeK Computer Inc. | | N80Vb Processor: Intel® Core2 Duo CPU T5800 @ 2.00GHz | Socket 478 | 1600/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 116 GiB total, 1.268 GiB free. D: is FIXED (NTFS) - 106 GiB total, 89.954 GiB free. E: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . No restore point in system. . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) 3Impact Acrobat.com Activation Assistant for the 2007 Microsoft Office suites Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.0) Adobe Shockwave Player Amazon Kindle Apple Application Support Apple Software Update ASUS InstantFun ASUS LifeFrame3 ASUS Live Update ASUS SmartLogon ASUS Splendid Video Enhancement Technology ATK Generic Function Service ATK Hotkey ATK Media ATKOSD2 AVS Update Manager 1.0 AVS Video Converter 6 AVS4YOU Software Navigator 1.3 CSS Tab Designer v2.0 CyberLink LabelPrint CyberLink Power2Go Download Updater (AOL LLC) DVD Flick 1.3.0.7 Facebook Plug-In FileZilla Client 3.5.3 FrostWire 4.21.5 FrostWire 5.3.7 GIMP 2.6.11 Google SketchUp 8 HiJackThis Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB945282) Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946040) Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946308) Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946344) Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947540) Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947789) Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB948127) Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB951708) Hotfix for Microsoft Visual Basic 2010 Express - ENU (KB982218) Hotfix for Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (KB944899) ITECIR Java Auto Updater Java 6 Update 31 Left 4 Dead 2 Left 4 Dead 2 Add-on Support LG USB Modem Drivers LightScribe System Software 1.14.17.1 LimeWire 5.1.1 Malwarebytes Anti-Malware version 1.62.0.1300 Microsoft .NET Framework 4 Multi-Targeting Pack Microsoft Application Error Reporting Microsoft Expression Blend 3 SDK Microsoft Expression Blend 4 Microsoft Expression Blend 4 Add-in for Adobe FXG Import Microsoft Expression Blend SDK for .NET 4 Microsoft Expression Blend SDK for Silverlight 4 Microsoft Expression Blend SDK for Windows Phone 7 Microsoft Games for Windows - LIVE Redistributable Microsoft Games for Windows Marketplace Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft Silverlight 3 SDK Microsoft Silverlight 4 SDK Microsoft Silverlight Tools for Visual Studio 2010 Microsoft SQL Server 2008 R2 Management Objects Microsoft SQL Server Browser Microsoft SQL Server Compact 3.5 SP1 Design Tools English Microsoft SQL Server Compact 3.5 SP2 ENU Microsoft SQL Server System CLR Types Microsoft VC9 runtime libraries Microsoft Visual Basic 2008 Express Edition with SP1 - ENU Microsoft Visual Basic 2010 Express - ENU Microsoft Visual C# 2010 Express - ENU Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU Service Pack 1 (KB945140) Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools Microsoft Visual Studio 2010 Express for Windows Phone - ENU Microsoft Windows Phone 7 Developer Resources Microsoft Windows Phone Developer Tools - ENU Microsoft XNA Framework Redistributable 4.0 Microsoft XNA Game Studio 4.0 Microsoft XNA Game Studio 4.0 (ARP entry) Microsoft XNA Game Studio 4.0 (Redists) Microsoft XNA Game Studio 4.0 (Shared Components) Microsoft XNA Game Studio 4.0 (Visual Studio) Microsoft XNA Game Studio 4.0 (XnaLiveProxy) Microsoft XNA Game Studio 4.0 Documentation Microsoft XNA Game Studio 4.0 Windows Phone Extensions Microsoft XNA Game Studio Platform Tools Monopoly Mozilla Firefox 14.0.1 (x86 en-US) Mozilla Maintenance Service Norton AntiVirus NVIDIA PhysX QuickTime RealNetworks - Microsoft Visual C++ 2008 Runtime RealPlayer Realtek 8169 8168 8101E 8102E Ethernet Driver Realtek High Definition Audio Driver RealUpgrade 1.1 RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01 RollerCoaster Tycoon 3 Platinum RuneScape Launcher 1.2 Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Extended (KB2416472) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition Security Update for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB2251487) Security Update for Microsoft Visual Basic 2010 Express - ENU (KB2251489) Security Update for Microsoft Visual C# 2010 Express - ENU (KB2251489) SMSCaster E-Marketer GSM Standard v3.7 Steam Tiled - Tiled Map Editor Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office Access 2007 Help (KB963663) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Infopath 2007 Help (KB963662) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Viewpoint Media Player Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU VLC media player 1.0.1 Windows Media Player Firefox Plugin Windows Phone 7 Add-in for Visual Studio 2010 - ENU WindowsApplication1 WinRAR 4.01 (32-bit) Wireless Console 2 World of Tanks v.0.6.5 Yahoo! Detect . ==== End Of File ===========================