
Google search hijacker



I have several problems. The first is a Google search hijacker; most times when I click on links from a Google search it will take me to a random site, and sometimes new tabs open taking me to random sites. Additionally, I've recently had the Security Shield virus, but I believe SUPERAntiSpyware nuked it. I've also been experiencing framerate stutters while playing 3D games (TF2, L4D2, Crysis 2, etc.): the games will perform perfectly, but at random intervals I'll encounter 20-30 seconds of extremely low fps (1-2). I'm not sure if this is a software or hardware issue, but it behaves like a memory leak; when I alt-tab, the rest of Windows is slow to respond. Any help you can provide would be awesome, thanks! :)


.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_31

Run by Eric at 22:08:21 on 2012-07-25

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.6143.3144 [GMT -7:00]

.

AV: Kaspersky Internet Security *Disabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}

FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe

C:\Program Files\ATKGFNEX\GFNEXSrv.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe

C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\wbctlvga.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe

C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe

C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe

C:\Program Files\ASUS\Net4Switch\Net4Switch.exe

C:\Program Files (x86)\ASUS\Direct Console\DCHelper.exe

C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\wbctlvga.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files (x86)\Trillian\trillian.exe

C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe

C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe

C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe

C:\Program Files (x86)\ASUS\Direct Console\Direct Console.exe

C:\Program Files\ASUS\Turbo Gear\GearHelp.exe

C:\Program Files\ASUS\Turbo Gear\TurboGear.exe

C:\Program Files (x86)\P4P\P4P.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

C:\Windows\AsScrPro.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\SysWOW64\ACEngSvr.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\MsgTranAgt64.exe

C:\Program Files\Wireless Console 2\wcourier.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe

C:\Program Files\Windows Mail\WinMail.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Windows\sysWOW64\wbem\wmiprvse.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\sysWOW64\wbem\wmiprvse.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Games\Steam\Steam.exe

C:\Program Files (x86)\Winamp\winamp.exe

C:\Program Files (x86)\uTorrent\uTorrent.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe

C:\Program Files (x86)\DAP\DAP.exe

"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit=userinit.exe,

BHO: DAPHelper Class: {0000cc75-acf3-4cac-a0a9-dd3868e06852} - C:\Program Files (x86)\DAP\DAPBHO.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.2.8.7.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll

uRun: [Voobly]

uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe

mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe

mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe

mRun: [ADSMTray] C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe

mRun: [DirectConsole2] C:\Program Files (x86)\ASUS\Direct Console\Direct Console.exe

mRun: [Turbo Gear Help] "C:\Program Files\ASUS\Turbo Gear\GearHelp.exe"

mRun: [Turbo Gear] "C:\Program Files\ASUS\Turbo Gear\TurboGear.exe" -r

mRun: [PowerForPhone] "C:\Program Files (x86)\P4P\P4P.exe"

mRun: [ChkMail] C:\Program Files\ChkMail\ChkMail\ChkMail.exe

mRun: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

mRun: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe

mRun: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

StartupFolder: C:\Users\Eric\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Trillian.lnk - C:\Program Files (x86)\Trillian\trillian.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

uPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: &D&ownload &with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe/AddLink.htm

IE: &D&ownload all video with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe/AddVideo.htm

IE: &D&ownload all with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe/AddAllLink.htm

IE: &Download with &DAP - C:\PROGRA~2\DAP\dapextie.htm

IE: Download &all with DAP - C:\PROGRA~2\DAP\dapextie2.htm

IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.2.8.7.dll/206

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{24B70DC2-AF4A-4186-A57E-C21B0EC8BE4C}\2416272656279637 : DhcpNameServer = 68.87.69.150 68.87.85.102

TCP: Interfaces\{24B70DC2-AF4A-4186-A57E-C21B0EC8BE4C}\348627963702374797C65637 : DhcpNameServer = 192.168.43.1

TCP: Interfaces\{739FD9CF-BEE9-418B-846A-1295A7961FB6} : DhcpNameServer = 192.168.1.1

Name-Space Handler: HTTPS\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\PROGRA~2\DAP\dapie.dll

BHO-X64: DAPHelper Class: {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files (x86)\DAP\DAPBHO.dll

BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

BHO-X64: BitComet Helper: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.2.8.7.dll

BHO-X64: BitComet ClickCapture - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll

mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe

mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe

mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe

mRun-x64: [ADSMTray] C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe

mRun-x64: [DirectConsole2] C:\Program Files (x86)\ASUS\Direct Console\Direct Console.exe

mRun-x64: [Turbo Gear Help] "C:\Program Files\ASUS\Turbo Gear\GearHelp.exe"

mRun-x64: [Turbo Gear] "C:\Program Files\ASUS\Turbo Gear\TurboGear.exe" -r

mRun-x64: [PowerForPhone] "C:\Program Files (x86)\P4P\P4P.exe"

mRun-x64: [ChkMail] C:\Program Files\ChkMail\ChkMail\ChkMail.exe

mRun-x64: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

mRun-x64: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe

mRun-x64: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

IE-X64: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.2.8.7.dll/206

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\x276b486.default\

FF - prefs.js: browser.search.selectedEngine - DAEMON Search

FF - prefs.js: browser.startup.homepage - about:home

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll

.

============= SERVICES / DRIVERS ===============

.

R0 lullaby;lullaby;C:\Windows\system32\DRIVERS\lullaby.sys --> C:\Windows\system32\DRIVERS\lullaby.sys [?]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R1 EIO64;EIO Driver;C:\Windows\system32\DRIVERS\EIO64.sys --> C:\Windows\system32\DRIVERS\EIO64.sys [?]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]

R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2011-4-23 14904]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-7-18 1258856]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-6-28 382312]

R2 WBVGAservice;WB VGA Service;C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe [2011-4-23 72248]

R3 appliandMP;appliandMP;C:\Windows\system32\DRIVERS\appliand.sys --> C:\Windows\system32\DRIVERS\appliand.sys [?]

R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys --> C:\Windows\system32\DRIVERS\enecir.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-1-15 655944]

S2 Norton Internet Security;Norton Internet Security;"C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files (x86)\Norton Internet Security\Engine

\16.0.0.125\diMaster.dll" /prefetch:1 --> C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-26 250056]

S3 appliand;Applian Network Service;C:\Windows\system32\DRIVERS\appliand.sys --> C:\Windows\system32\DRIVERS\appliand.sys [?]

S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2012-7-19 21712]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 129976]

S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

.

=============== Created Last 30 ================

.

2012-07-26 04:16:23 -------- d-----w- C:\Program Files (x86)\Windows Movie Maker

2012-07-21 03:02:57 202336 ----a-w- C:\Windows\System32\AERTAC64.dll

2012-07-21 03:02:57 108640 ----a-w- C:\Windows\System32\AERTAR64.dll

2012-07-20 23:22:50 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe

2012-07-20 06:31:59 -------- d-----w- C:\Users\Eric\AppData\Roaming\SUPERAntiSpyware.com

2012-07-20 06:30:37 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2012-07-20 06:30:37 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2012-07-20 06:29:04 -------- d-----w- C:\Program Files\CCleaner

2012-07-20 05:52:29 16384 ----a-w- C:\Windows\System32\drivers\EIO64.sys

2012-07-20 05:28:55 5485456 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-07-20 05:28:55 3899784 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-07-20 05:28:54 3954064 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-07-20 04:40:02 21712 ----a-w- C:\Windows\SysWow64\drivers\DrvAgent64.SYS

2012-07-20 04:40:02 -------- d-----w- C:\Users\Eric\AppData\Local\eSupport.com

2012-07-19 00:29:49 711240 ----a-w- C:\Windows\isRS-000.tmp

2012-07-19 00:11:49 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation

2012-07-19 00:11:28 891240 ----a-w- C:\Windows\System32\nvvsvc.exe

2012-07-19 00:11:28 63336 ----a-w- C:\Windows\System32\nvshext.dll

2012-07-19 00:11:28 6193000 ----a-w- C:\Windows\System32\nvcpl.dll

2012-07-19 00:11:28 3266408 ----a-w- C:\Windows\System32\nvsvc64.dll

2012-07-19 00:11:28 2557800 ----a-w- C:\Windows\System32\nvsvcr.dll

2012-07-19 00:11:28 118120 ----a-w- C:\Windows\System32\nvmctray.dll

2012-07-19 00:10:54 60776 ----a-w- C:\Windows\System32\OpenCL.dll

2012-07-19 00:10:54 52584 ----a-w- C:\Windows\SysWow64\OpenCL.dll

2012-07-19 00:10:39 -------- d-----w- C:\ProgramData\NVIDIA Corporation

2012-07-11 12:56:12 157 ----a-w- C:\ADS6C3B.tmp

2012-07-11 12:26:12 853 ----a-w- C:\ADSF507.tmp

2012-07-11 11:56:12 157 ----a-w- C:\ADS7DB3.tmp

2012-07-11 11:26:12 157 ----a-w- C:\ADS670.tmp

2012-07-11 10:56:12 157 ----a-w- C:\ADS8F2C.tmp

2012-07-11 10:26:12 157 ----a-w- C:\ADS17EC.tmp

2012-07-11 09:56:12 157 ----a-w- C:\ADSA099.tmp

2012-07-11 09:26:12 157 ----a-w- C:\ADS2955.tmp

2012-07-11 08:56:12 157 ----a-w- C:\ADSB211.tmp

2012-07-11 08:26:12 157 ----a-w- C:\ADS3ACD.tmp

2012-07-11 07:56:12 157 ----a-w- C:\ADSC389.tmp

2012-07-11 07:26:12 853 ----a-w- C:\ADS4C45.tmp

2012-07-11 06:56:12 157 ----a-w- C:\ADSD511.tmp

2012-07-11 06:26:12 157 ----a-w- C:\ADS5DB5.tmp

2012-07-11 05:56:12 157 ----a-w- C:\ADSE681.tmp

2012-07-11 05:26:12 157 ----a-w- C:\ADS6F2D.tmp

2012-07-11 04:56:12 157 ----a-w- C:\ADSF7E9.tmp

2012-07-11 04:26:12 157 ----a-w- C:\ADS80B5.tmp

2012-07-11 03:56:12 157 ----a-w- C:\ADS952.tmp

2012-07-11 03:26:12 157 ----a-w- C:\ADS923D.tmp

2012-07-11 02:56:12 157 ----a-w- C:\ADS1ACA.tmp

2012-07-11 02:26:12 853 ----a-w- C:\ADSA386.tmp

2012-07-11 01:56:12 157 ----a-w- C:\ADS2C61.tmp

2012-07-11 01:26:12 157 ----a-w- C:\ADSB50E.tmp

2012-07-11 00:56:12 157 ----a-w- C:\ADS3DBA.tmp

2012-07-11 00:26:12 157 ----a-w- C:\ADSC686.tmp

2012-07-10 23:56:12 157 ----a-w- C:\ADS4F32.tmp

2012-07-10 23:26:12 157 ----a-w- C:\ADSD81D.tmp

2012-07-10 22:56:12 157 ----a-w- C:\ADS60BA.tmp

2012-07-10 22:26:12 157 ----a-w- C:\ADSE976.tmp

2012-07-10 21:56:12 157 ----a-w- C:\ADS7223.tmp

2012-07-10 21:26:12 853 ----a-w- C:\ADSFAEE.tmp

2012-07-10 20:56:12 157 ----a-w- C:\ADS839B.tmp

2012-07-10 20:26:12 157 ----a-w- C:\ADSC57.tmp

2012-07-10 19:56:12 157 ----a-w- C:\ADS9513.tmp

2012-07-10 19:26:12 157 ----a-w- C:\ADS1DDF.tmp

2012-07-10 18:56:12 157 ----a-w- C:\ADSA68B.tmp

2012-07-10 18:26:12 157 ----a-w- C:\ADS2F57.tmp

2012-07-10 17:56:12 157 ----a-w- C:\ADSB813.tmp

2012-07-10 17:26:12 157 ----a-w- C:\ADS40BF.tmp

2012-07-10 16:56:12 157 ----a-w- C:\ADSC99A.tmp

2012-07-10 16:26:12 853 ----a-w- C:\ADS5247.tmp

2012-07-10 15:56:12 157 ----a-w- C:\ADSDB03.tmp

2012-07-10 15:26:12 157 ----a-w- C:\ADS63BF.tmp

2012-07-10 14:56:12 157 ----a-w- C:\ADSEC7B.tmp

2012-07-10 14:26:12 157 ----a-w- C:\ADS7528.tmp

2012-07-10 13:56:12 157 ----a-w- C:\ADSFDE4.tmp

2012-07-10 13:26:12 157 ----a-w- C:\ADS86A0.tmp

2012-07-10 12:56:12 157 ----a-w- C:\ADSF5C.tmp

2012-07-10 12:26:12 157 ----a-w- C:\ADS9818.tmp

2012-07-10 11:56:12 157 ----a-w- C:\ADS20D4.tmp

2012-07-10 11:26:12 853 ----a-w- C:\ADSA9A0.tmp

2012-07-10 10:56:12 157 ----a-w- C:\ADS324C.tmp

2012-07-10 10:26:12 157 ----a-w- C:\ADSBB08.tmp

2012-07-10 09:56:12 157 ----a-w- C:\ADS43C4.tmp

2012-07-10 09:26:12 157 ----a-w- C:\ADSCC90.tmp

2012-07-10 08:56:12 157 ----a-w- C:\ADS553C.tmp

2012-07-10 08:26:12 157 ----a-w- C:\ADSDE08.tmp

2012-07-10 07:56:12 157 ----a-w- C:\ADS66C4.tmp

2012-07-10 07:26:12 157 ----a-w- C:\ADSEF80.tmp

2012-07-10 06:56:12 157 ----a-w- C:\ADS783C.tmp

2012-07-10 06:26:12 853 ----a-w- C:\ADS108.tmp

2012-07-10 05:56:12 157 ----a-w- C:\ADS89B4.tmp

2012-07-10 05:26:12 157 ----a-w- C:\ADS1261.tmp

2012-07-10 04:56:12 157 ----a-w- C:\ADS9B2C.tmp

2012-07-10 04:26:12 157 ----a-w- C:\ADS23D9.tmp

2012-07-10 03:56:12 157 ----a-w- C:\ADSACA5.tmp

2012-07-10 03:26:12 157 ----a-w- C:\ADS3561.tmp

2012-07-10 02:56:12 157 ----a-w- C:\ADSBE1D.tmp

2012-07-10 02:26:12 157 ----a-w- C:\ADS4708.tmp

2012-07-10 01:56:12 157 ----a-w- C:\ADSCF85.tmp

2012-07-10 01:26:12 853 ----a-w- C:\ADS5865.tmp

2012-06-29 00:44:42 428904 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

.

==================== Find3M ====================

.

2012-07-23 22:14:43 45056 ----a-w- C:\Windows\System32\acovcnt.exe

2012-07-20 05:53:23 70656 ----a-w- C:\Windows\System32\drivers\enecir.sys

2012-07-20 05:53:23 1436920 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll

2012-07-12 06:00:26 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-12 06:00:26 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-07-03 20:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-06-19 23:54:20 4065296 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys

2012-06-14 20:43:32 5096448 ----a-w- C:\Windows\System32\RCoRes64.dat

2012-06-10 15:33:27 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys

2012-06-09 06:07:55 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll

2012-06-08 23:18:46 3615888 ----a-w- C:\Windows\System32\RtkAPO64.dll

2012-06-06 17:44:20 869520 ----a-w- C:\Windows\System32\RtkApi64.dll

2012-06-01 16:37:38 2674320 ----a-w- C:\Windows\System32\RtPgEx64.dll

2012-06-01 01:08:20 105616 ----a-w- C:\Windows\System32\RCoInstII64.dll

2012-05-26 01:54:59 119296 ----a-w- C:\Windows\SysWow64\zlib.dll

2012-05-26 01:06:00 1706640 ----a-w- C:\Windows\RtlExUpd.dll

2012-05-17 18:29:24 7163744 ----a-w- C:\Windows\System32\R4EEP64A.dll

2012-05-17 18:29:22 74592 ----a-w- C:\Windows\System32\R4EEG64A.dll

2012-05-17 18:29:22 141152 ----a-w- C:\Windows\System32\R4EEL64A.dll

2012-05-17 18:29:20 433504 ----a-w- C:\Windows\System32\R4EED64A.dll

2012-05-17 18:29:20 123744 ----a-w- C:\Windows\System32\R4EEA64A.dll

2012-05-10 22:22:14 1262696 ----a-w- C:\Windows\System32\RTCOM64.dll

2009-04-08 17:31:56 106496 ----a-w- C:\Program Files (x86)\Common Files\CPInstallAction.dll

.

============= FINISH: 22:11:59.06 ===============


.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 4/23/2011 7:53:22 PM

System Uptime: 7/25/2012 12:31:29 PM (10 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | G71GX

Processor: Intel® Core2 Duo CPU P8700 @ 2.53GHz | LGA775 | 2533/266mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 298 GiB total, 1.06 GiB free.

D: is CDROM (CDFS)

E: is FIXED (exFAT) - 1397 GiB total, 475.23 GiB free.

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: SRTSPX

Device ID: ROOT\LEGACY_SRTSPX\0000

Manufacturer:

Name: SRTSPX

PNP Device ID: ROOT\LEGACY_SRTSPX\0000

Service: SRTSPX

.

Class GUID: {5458011f-08d4-4605-93a2-f03e61bedba3}

Description: EIO Driver

Device ID: ROOT\ASUSOTHERDEVICES\0001

Manufacturer: ASUSTek

Name: EIO Driver

PNP Device ID: ROOT\ASUSOTHERDEVICES\0001

Service: EIO64

.

Class GUID: {5458011f-08d4-4605-93a2-f03e61bedba3}

Description: EIO Driver

Device ID: ROOT\ASUSOTHERDEVICES\0002

Manufacturer: ASUSTek

Name: EIO Driver

PNP Device ID: ROOT\ASUSOTHERDEVICES\0002

Service: EIO64

.

Class GUID: {5458011f-08d4-4605-93a2-f03e61bedba3}

Description: EIO Driver

Device ID: ROOT\ASUSOTHERDEVICES\0003

Manufacturer: ASUSTek

Name: EIO Driver

PNP Device ID: ROOT\ASUSOTHERDEVICES\0003

Service: EIO64

.

==== System Restore Points ===================

.

RP239: 7/25/2012 3:29:00 PM - Scheduled Checkpoint

.

==== Installed Programs ======================

.

µTorrent

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Photoshop CS

Adobe Reader 8.2.6

ASUS CopyProtect

ASUS Data Security Manager

ASUS LifeFrame3

ASUS Live Update

ASUS MultiFrame

ASUS SmartLogon

ASUS Splendid Video Enhancement Technology

ASUS Turbo Gear Enhanced VGA Driver

ASUS Virtual Camera

Asus_Camera_ScreenSaver

Atheros Client Installation Program

ATK Generic Function Service

ATK Hotkey

ATK Media

ATKOSD2

BitComet 1.07

CCS64 V3.8

CDisplay 1.8

ChkMail

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

CuteFTP 8 Professional

DAEMON Tools Pro

Direct Console 2.0

Download Accelerator Plus

EncFlac 1.1.2

Express Gate

FLV Player

Haali Media Splitter

Java Auto Updater

Java 6 Update 31

JDownloader 0.9

Left 4 Dead 2

Magic Workstation 0.94f

Malwarebytes Anti-Malware version 1.62.0.1300

Matroska Pack

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Mozilla Firefox 12.0 (x86 en-US)

Mozilla Maintenance Service

Mumble 1.2.3

My Screen Recorder Pro 2.3

NB Probe

Net4Switch

NVIDIA PhysX

NVIDIA Stereoscopic 3D Driver

office Convert Pdf to Jpg Jpeg Tiff Free 6.4

OJOsoft Total Video Converter

P4P

QuickTime Alternative 3.2.2

Realtek 8169 8168 8101E 8102E Ethernet Driver

Realtek High Definition Audio Driver

Replay Media Catcher 4 (4.3.2)

RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01

Stamps.com

Steam

System Requirements Lab

System Requirements Lab CYRI

Team Fortress 2

The Lord of the Rings Online TCG 2

Total Game Control v3.3

Trillian

Turbo Gear Extreme

VLC media player 0.9.9

Voobly

Winamp (remove only)

WinFlash

Wireless Console 2

World of Warcraft

.

==== Event Viewer Messages From Past Week ========

.

7/25/2012 8:29:25 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service

terminated with the following error: %%-2147024891

7/25/2012 8:29:25 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function

Discovery Resource Publication service which failed to start because of the following error: %%-2147024891

7/25/2012 12:32:05 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following

error: The specified service does not exist as an installed service.

7/25/2012 12:32:03 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed

to load: SRTSP SRTSPX

7/25/2012 12:32:02 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following

service: BFE. This service might not be installed.

7/25/2012 12:32:02 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the

following service: BFE. This service might not be installed.

7/25/2012 12:32:02 PM, Error: Service Control Manager [7000] - The Norton Internet Security service failed to start due to

the following error: The system cannot find the file specified.

7/24/2012 7:19:05 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is

10.

7/24/2012 3:59:28 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage

could not grow due to a user imposed limit.

7/24/2012 3:46:40 PM, Error: Microsoft-Windows-Eventlog [23] - The event logging service encountered an error (res=1500)

while initializing logging resources for channel Microsoft-Windows-Kernel-EventTracing/Admin.

7/21/2012 1:53:10 PM, Error: Microsoft-Windows-Eventlog [23] - The event logging service encountered an error (res=112)

while initializing logging resources for channel Microsoft-Windows-Kernel-EventTracing/Admin.

7/20/2012 11:08:53 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.

7/18/2012 9:45:15 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.

7/18/2012 3:06:45 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for

the Steam Client Service service to connect.

7/18/2012 3:06:45 AM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the

following error: The service did not respond to the start or control request in a timely fashion.

.

==== End Of File ===========================


Hello Milosz006 and :welcome:! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

Please uninstall the following applications:

µTorrent

BitComet 1.07

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Step 3

Download aswMBR.exe to your desktop.

Double-click aswMBR.exe to run it.

Click the "Scan" button to start scan


On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.


In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • aswMBR log
  • a new fresh DDS log file


Thanks for your help!

Malwarebytes' Anti-Malware log:

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.22.11

Windows 7 x64 NTFS

Internet Explorer 8.0.7600.16385

Eric :: ROLOTONY [administrator]

7/26/2012 2:53:27 PM

mbam-log-2012-07-26 (14-53-27).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 211540

Time elapsed: 3 minute(s), 16 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\Installer\{e5fb27a8-7846-48e5-ed35-a6da700e5cb9}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.

(end)

aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-07-26 23:25:12

-----------------------------

23:25:12.882 OS Version: Windows x64 6.1.7600

23:25:12.882 Number of processors: 2 586 0x170A

23:25:12.883 ComputerName: ROLOTONY UserName: Eric

23:25:13.242 Initialize success

23:25:26.830 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

23:25:26.833 Disk 0 Vendor: SAMSUNG_ 2AK1 Size: 305245MB BusType: 3

23:25:26.865 Disk 0 MBR read successfully

23:25:26.867 Disk 0 MBR scan

23:25:26.869 Disk 0 Windows 7 default MBR code

23:25:26.914 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305243 MB offset 2048

23:25:26.934 Disk 0 scanning C:\Windows\system32\drivers

23:25:31.586 Service scanning

23:25:43.205 Modules scanning

23:25:43.206 Disk 0 trace - called modules:

23:25:43.236 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys

23:25:43.238 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007316640]

23:25:43.238 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006259050]

23:25:43.239 Scan finished successfully

23:26:40.010 Disk 0 MBR has been saved successfully to "C:\Users\Eric\Desktop\MBR.dat"

23:26:40.015 The log file has been saved successfully to "C:\Users\Eric\Desktop\aswMBR.txt"

DDS log:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_31

Run by Eric at 23:27:31 on 2012-07-26

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.6143.4268 [GMT -7:00]

.

AV: Kaspersky Internet Security *Disabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}

FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Program Files\ATKGFNEX\GFNEXSrv.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe

C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\wbctlvga.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe

C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe

C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe

C:\Program Files\ASUS\Net4Switch\Net4Switch.exe

C:\Program Files (x86)\ASUS\Direct Console\DCHelper.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files (x86)\Trillian\trillian.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\wbctlvga.exe

C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe

C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe

C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe

C:\Program Files (x86)\ASUS\Direct Console\Direct Console.exe

C:\Program Files\ASUS\Turbo Gear\GearHelp.exe

C:\Program Files\ASUS\Turbo Gear\TurboGear.exe

C:\Program Files (x86)\P4P\P4P.exe

C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

C:\Windows\AsScrPro.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\SysWOW64\ACEngSvr.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\MsgTranAgt64.exe

C:\Program Files\Wireless Console 2\wcourier.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe

C:\Program Files\Windows Mail\WinMail.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Windows\sysWOW64\wbem\wmiprvse.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\sysWOW64\wbem\wmiprvse.exe

C:\Games\Steam\Steam.exe

C:\Program Files (x86)\Winamp\winamp.exe

"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Users\Eric\Downloads\aswMBR.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit=userinit.exe,

BHO: DAPHelper Class: {0000cc75-acf3-4cac-a0a9-dd3868e06852} - C:\Program Files (x86)\DAP\DAPBHO.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll

uRun: [Voobly]

uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe

mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe

mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe

mRun: [ADSMTray] C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe

mRun: [DirectConsole2] C:\Program Files (x86)\ASUS\Direct Console\Direct Console.exe

mRun: [Turbo Gear Help] "C:\Program Files\ASUS\Turbo Gear\GearHelp.exe"

mRun: [Turbo Gear] "C:\Program Files\ASUS\Turbo Gear\TurboGear.exe" -r

mRun: [PowerForPhone] "C:\Program Files (x86)\P4P\P4P.exe"

mRun: [ChkMail] C:\Program Files\ChkMail\ChkMail\ChkMail.exe

mRun: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

mRun: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe

mRun: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

StartupFolder: C:\Users\Eric\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Trillian.lnk - C:\Program Files (x86)\Trillian\trillian.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

uPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: &Download with &DAP - C:\PROGRA~2\DAP\dapextie.htm

IE: Download &all with DAP - C:\PROGRA~2\DAP\dapextie2.htm

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{24B70DC2-AF4A-4186-A57E-C21B0EC8BE4C}\2416272656279637 : DhcpNameServer = 68.87.69.150 68.87.85.102

TCP: Interfaces\{24B70DC2-AF4A-4186-A57E-C21B0EC8BE4C}\348627963702374797C65637 : DhcpNameServer = 192.168.43.1

TCP: Interfaces\{739FD9CF-BEE9-418B-846A-1295A7961FB6} : DhcpNameServer = 75.75.75.75 75.75.76.76

Name-Space Handler: HTTPS\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\PROGRA~2\DAP\dapie.dll

BHO-X64: DAPHelper Class: {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files (x86)\DAP\DAPBHO.dll

BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll

mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe

mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe

mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe

mRun-x64: [ADSMTray] C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe

mRun-x64: [DirectConsole2] C:\Program Files (x86)\ASUS\Direct Console\Direct Console.exe

mRun-x64: [Turbo Gear Help] "C:\Program Files\ASUS\Turbo Gear\GearHelp.exe"

mRun-x64: [Turbo Gear] "C:\Program Files\ASUS\Turbo Gear\TurboGear.exe" -r

mRun-x64: [PowerForPhone] "C:\Program Files (x86)\P4P\P4P.exe"

mRun-x64: [ChkMail] C:\Program Files\ChkMail\ChkMail\ChkMail.exe

mRun-x64: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

mRun-x64: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe

mRun-x64: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\x276b486.default\

FF - prefs.js: browser.search.selectedEngine - DAEMON Search

FF - prefs.js: browser.startup.homepage - about:home

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll

.

============= SERVICES / DRIVERS ===============

.

R0 lullaby;lullaby;C:\Windows\system32\DRIVERS\lullaby.sys --> C:\Windows\system32\DRIVERS\lullaby.sys [?]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R1 EIO64;EIO Driver;C:\Windows\system32\DRIVERS\EIO64.sys --> C:\Windows\system32\DRIVERS\EIO64.sys [?]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]

R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2011-4-23 14904]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-7-18 1258856]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-6-28 382312]

R2 WBVGAservice;WB VGA Service;C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe [2011-4-23 72248]

R3 appliandMP;appliandMP;C:\Windows\system32\DRIVERS\appliand.sys --> C:\Windows\system32\DRIVERS\appliand.sys [?]

R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys --> C:\Windows\system32\DRIVERS\enecir.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-1-15 655944]

S2 Norton Internet Security;Norton Internet Security;"C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-26 250056]

S3 appliand;Applian Network Service;C:\Windows\system32\DRIVERS\appliand.sys --> C:\Windows\system32\DRIVERS\appliand.sys [?]

S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2012-7-19 21712]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 129976]

S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

.

=============== Created Last 30 ================

.

2012-07-26 04:16:23 -------- d-----w- C:\Program Files (x86)\Windows Movie Maker

2012-07-21 03:02:57 202336 ----a-w- C:\Windows\System32\AERTAC64.dll

2012-07-21 03:02:57 108640 ----a-w- C:\Windows\System32\AERTAR64.dll

2012-07-20 23:22:50 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe

2012-07-20 06:31:59 -------- d-----w- C:\Users\Eric\AppData\Roaming\SUPERAntiSpyware.com

2012-07-20 06:30:37 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2012-07-20 06:30:37 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2012-07-20 06:29:04 -------- d-----w- C:\Program Files\CCleaner

2012-07-20 05:52:29 16384 ----a-w- C:\Windows\System32\drivers\EIO64.sys

2012-07-20 05:28:55 5485456 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-07-20 05:28:55 3899784 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-07-20 05:28:54 3954064 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-07-20 04:40:02 21712 ----a-w- C:\Windows\SysWow64\drivers\DrvAgent64.SYS

2012-07-20 04:40:02 -------- d-----w- C:\Users\Eric\AppData\Local\eSupport.com

2012-07-19 00:29:49 711240 ----a-w- C:\Windows\isRS-000.tmp

2012-07-19 00:11:49 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation

2012-07-19 00:11:28 891240 ----a-w- C:\Windows\System32\nvvsvc.exe

2012-07-19 00:11:28 63336 ----a-w- C:\Windows\System32\nvshext.dll

2012-07-19 00:11:28 6193000 ----a-w- C:\Windows\System32\nvcpl.dll

2012-07-19 00:11:28 3266408 ----a-w- C:\Windows\System32\nvsvc64.dll

2012-07-19 00:11:28 2557800 ----a-w- C:\Windows\System32\nvsvcr.dll

2012-07-19 00:11:28 118120 ----a-w- C:\Windows\System32\nvmctray.dll

2012-07-19 00:10:54 60776 ----a-w- C:\Windows\System32\OpenCL.dll

2012-07-19 00:10:54 52584 ----a-w- C:\Windows\SysWow64\OpenCL.dll

2012-07-19 00:10:39 -------- d-----w- C:\ProgramData\NVIDIA Corporation

2012-07-11 12:56:12 157 ----a-w- C:\ADS6C3B.tmp

2012-07-11 12:26:12 853 ----a-w- C:\ADSF507.tmp

2012-07-11 11:56:12 157 ----a-w- C:\ADS7DB3.tmp

2012-07-11 11:26:12 157 ----a-w- C:\ADS670.tmp

2012-07-11 10:56:12 157 ----a-w- C:\ADS8F2C.tmp

2012-07-11 10:26:12 157 ----a-w- C:\ADS17EC.tmp

2012-07-11 09:56:12 157 ----a-w- C:\ADSA099.tmp

2012-07-11 09:26:12 157 ----a-w- C:\ADS2955.tmp

2012-07-11 08:56:12 157 ----a-w- C:\ADSB211.tmp

2012-07-11 08:26:12 157 ----a-w- C:\ADS3ACD.tmp

2012-07-11 07:56:12 157 ----a-w- C:\ADSC389.tmp

2012-07-11 07:26:12 853 ----a-w- C:\ADS4C45.tmp

2012-07-11 06:56:12 157 ----a-w- C:\ADSD511.tmp

2012-07-11 06:26:12 157 ----a-w- C:\ADS5DB5.tmp

2012-07-11 05:56:12 157 ----a-w- C:\ADSE681.tmp

2012-07-11 05:26:12 157 ----a-w- C:\ADS6F2D.tmp

2012-07-11 04:56:12 157 ----a-w- C:\ADSF7E9.tmp

2012-07-11 04:26:12 157 ----a-w- C:\ADS80B5.tmp

2012-07-11 03:56:12 157 ----a-w- C:\ADS952.tmp

2012-07-11 03:26:12 157 ----a-w- C:\ADS923D.tmp

2012-07-11 02:56:12 157 ----a-w- C:\ADS1ACA.tmp

2012-07-11 02:26:12 853 ----a-w- C:\ADSA386.tmp

2012-07-11 01:56:12 157 ----a-w- C:\ADS2C61.tmp

2012-07-11 01:26:12 157 ----a-w- C:\ADSB50E.tmp

2012-07-11 00:56:12 157 ----a-w- C:\ADS3DBA.tmp

2012-07-11 00:26:12 157 ----a-w- C:\ADSC686.tmp

2012-07-10 23:56:12 157 ----a-w- C:\ADS4F32.tmp

2012-07-10 23:26:12 157 ----a-w- C:\ADSD81D.tmp

2012-07-10 22:56:12 157 ----a-w- C:\ADS60BA.tmp

2012-07-10 22:26:12 157 ----a-w- C:\ADSE976.tmp

2012-07-10 21:56:12 157 ----a-w- C:\ADS7223.tmp

2012-07-10 21:26:12 853 ----a-w- C:\ADSFAEE.tmp

2012-07-10 20:56:12 157 ----a-w- C:\ADS839B.tmp

2012-07-10 20:26:12 157 ----a-w- C:\ADSC57.tmp

2012-07-10 19:56:12 157 ----a-w- C:\ADS9513.tmp

2012-07-10 19:26:12 157 ----a-w- C:\ADS1DDF.tmp

2012-07-10 18:56:12 157 ----a-w- C:\ADSA68B.tmp

2012-07-10 18:26:12 157 ----a-w- C:\ADS2F57.tmp

2012-07-10 17:56:12 157 ----a-w- C:\ADSB813.tmp

2012-07-10 17:26:12 157 ----a-w- C:\ADS40BF.tmp

2012-07-10 16:56:12 157 ----a-w- C:\ADSC99A.tmp

2012-07-10 16:26:12 853 ----a-w- C:\ADS5247.tmp

2012-07-10 15:56:12 157 ----a-w- C:\ADSDB03.tmp

2012-07-10 15:26:12 157 ----a-w- C:\ADS63BF.tmp

2012-07-10 14:56:12 157 ----a-w- C:\ADSEC7B.tmp

2012-07-10 14:26:12 157 ----a-w- C:\ADS7528.tmp

2012-07-10 13:56:12 157 ----a-w- C:\ADSFDE4.tmp

2012-07-10 13:26:12 157 ----a-w- C:\ADS86A0.tmp

2012-07-10 12:56:12 157 ----a-w- C:\ADSF5C.tmp

2012-07-10 12:26:12 157 ----a-w- C:\ADS9818.tmp

2012-07-10 11:56:12 157 ----a-w- C:\ADS20D4.tmp

2012-07-10 11:26:12 853 ----a-w- C:\ADSA9A0.tmp

2012-07-10 10:56:12 157 ----a-w- C:\ADS324C.tmp

2012-07-10 10:26:12 157 ----a-w- C:\ADSBB08.tmp

2012-07-10 09:56:12 157 ----a-w- C:\ADS43C4.tmp

2012-07-10 09:26:12 157 ----a-w- C:\ADSCC90.tmp

2012-07-10 08:56:12 157 ----a-w- C:\ADS553C.tmp

2012-07-10 08:26:12 157 ----a-w- C:\ADSDE08.tmp

2012-07-10 07:56:12 157 ----a-w- C:\ADS66C4.tmp

2012-07-10 07:26:12 157 ----a-w- C:\ADSEF80.tmp

2012-07-10 06:56:12 157 ----a-w- C:\ADS783C.tmp

2012-07-10 06:26:12 853 ----a-w- C:\ADS108.tmp

2012-07-10 05:56:12 157 ----a-w- C:\ADS89B4.tmp

2012-07-10 05:26:12 157 ----a-w- C:\ADS1261.tmp

2012-07-10 04:56:12 157 ----a-w- C:\ADS9B2C.tmp

2012-07-10 04:26:12 157 ----a-w- C:\ADS23D9.tmp

2012-07-10 03:56:12 157 ----a-w- C:\ADSACA5.tmp

2012-07-10 03:26:12 157 ----a-w- C:\ADS3561.tmp

2012-07-10 02:56:12 157 ----a-w- C:\ADSBE1D.tmp

2012-07-10 02:26:12 157 ----a-w- C:\ADS4708.tmp

2012-07-10 01:56:12 157 ----a-w- C:\ADSCF85.tmp

2012-07-10 01:26:12 853 ----a-w- C:\ADS5865.tmp

2012-06-29 00:44:42 428904 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

.

==================== Find3M ====================

.

2012-07-26 21:59:45 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-26 21:59:45 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-07-26 08:41:07 45056 ----a-w- C:\Windows\System32\acovcnt.exe

2012-07-20 05:53:23 70656 ----a-w- C:\Windows\System32\drivers\enecir.sys

2012-07-20 05:53:23 1436920 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll

2012-07-03 20:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-06-19 23:54:20 4065296 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys

2012-06-14 20:43:32 5096448 ----a-w- C:\Windows\System32\RCoRes64.dat

2012-06-10 15:33:27 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys

2012-06-09 06:07:55 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll

2012-06-08 23:18:46 3615888 ----a-w- C:\Windows\System32\RtkAPO64.dll

2012-06-06 17:44:20 869520 ----a-w- C:\Windows\System32\RtkApi64.dll

2012-06-01 16:37:38 2674320 ----a-w- C:\Windows\System32\RtPgEx64.dll

2012-06-01 01:08:20 105616 ----a-w- C:\Windows\System32\RCoInstII64.dll

2012-05-26 01:54:59 119296 ----a-w- C:\Windows\SysWow64\zlib.dll

2012-05-26 01:06:00 1706640 ----a-w- C:\Windows\RtlExUpd.dll

2012-05-17 18:29:24 7163744 ----a-w- C:\Windows\System32\R4EEP64A.dll

2012-05-17 18:29:22 74592 ----a-w- C:\Windows\System32\R4EEG64A.dll

2012-05-17 18:29:22 141152 ----a-w- C:\Windows\System32\R4EEL64A.dll

2012-05-17 18:29:20 433504 ----a-w- C:\Windows\System32\R4EED64A.dll

2012-05-17 18:29:20 123744 ----a-w- C:\Windows\System32\R4EEA64A.dll

2012-05-10 22:22:14 1262696 ----a-w- C:\Windows\System32\RTCOM64.dll

2009-04-08 17:31:56 106496 ----a-w- C:\Program Files (x86)\Common Files\CPInstallAction.dll

.

============= FINISH: 23:30:44.03 ===============


BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Please tick Scan All Users. Next, click the Quick Scan button. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.


I'd have already formatted and reinstalled my OS except my external HD has been on the fritz lately; it won't let me copy files to it unless I run checkdisk and every time I run checkdisk some of the files I previously copied become corrupted. :(

I went ahead and scanned for files with an age of 90 days since I've had the problem for more than 30.

OTL.txt:

OTL logfile created on: 7/27/2012 2:31:03 AM - Run 1

OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Eric\Downloads

64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 3.46 Gb Available Physical Memory | 57.73% Memory free

6.39 Gb Paging File | 3.58 Gb Available in Paging File | 56.12% Paging File free

Paging file location(s): c:\pagefile.sys 400 1024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 298.09 Gb Total Space | 1.14 Gb Free Space | 0.38% Space Free | Partition Type: NTFS

Drive D: | 4.36 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive E: | 1397.25 Gb Total Space | 475.23 Gb Free Space | 34.01% Space Free | Partition Type: exFAT

Computer Name: ROLOTONY | User Name: Eric | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2012/07/27 02:24:17 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Eric\Downloads\OTL.exe

PRC - [2012/07/26 14:59:45 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe

PRC - [2012/06/28 20:37:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

PRC - [2012/06/28 17:44:30 | 000,382,312 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2012/04/25 16:58:49 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2011/08/03 21:26:40 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Games\Steam\Steam.exe

PRC - [2011/04/23 20:24:33 | 003,054,136 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe

PRC - [2009/07/13 18:14:47 | 000,254,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

PRC - [2009/04/07 19:00:08 | 002,861,624 | ---- | M] (ASUSTek.) -- C:\Program Files (x86)\ASUS\Direct Console\Direct Console.exe

PRC - [2009/04/07 09:34:26 | 000,159,744 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe

PRC - [2009/03/20 20:37:18 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe

PRC - [2009/03/13 13:13:12 | 001,380,864 | ---- | M] (Cerulean Studios) -- C:\Program Files (x86)\Trillian\trillian.exe

PRC - [2009/03/04 10:26:24 | 008,392,704 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe

PRC - [2009/03/02 10:22:18 | 000,113,208 | ---- | M] (ASUSTeK Inc.) -- C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\wbctlvga.exe

PRC - [2009/02/06 16:57:18 | 000,072,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe

PRC - [2008/12/22 17:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe

PRC - [2008/10/14 16:13:24 | 002,987,008 | ---- | M] () -- C:\Program Files\ASUS\Turbo Gear\TurboGear.exe

PRC - [2008/09/30 17:52:44 | 001,025,536 | ---- | M] () -- C:\Program Files\ASUS\Turbo Gear\GearHelp.exe

PRC - [2008/08/13 20:59:56 | 000,301,624 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe

PRC - [2008/08/13 20:59:52 | 000,100,920 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe

PRC - [2008/08/13 16:21:56 | 002,482,176 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe

PRC - [2008/06/17 22:10:24 | 000,297,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe

PRC - [2008/03/31 23:09:30 | 000,266,240 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe

PRC - [2008/03/31 02:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe

PRC - [2008/03/24 21:39:18 | 000,322,104 | ---- | M] (ASUSTek.) -- C:\Program Files (x86)\ASUS\Direct Console\DCHelper.exe

PRC - [2008/01/25 18:32:38 | 000,778,240 | ---- | M] () -- C:\Program Files (x86)\P4P\P4P.exe

PRC - [2007/11/30 11:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe

PRC - [2007/11/20 13:44:30 | 001,145,400 | ---- | M] (ASUS) -- C:\Program Files\ASUS\Net4Switch\Net4Switch.exe

PRC - [2007/08/08 00:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe

PRC - [2007/08/03 12:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

========== Modules (No Company Name) ==========

MOD - [2012/07/26 14:59:45 | 009,465,032 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll

MOD - [2012/07/04 19:01:29 | 020,313,384 | ---- | M] () -- C:\Games\Steam\bin\libcef.dll

MOD - [2012/07/04 19:01:29 | 001,099,576 | ---- | M] () -- C:\Games\Steam\bin\avcodec-53.dll

MOD - [2012/07/04 19:01:29 | 000,895,312 | ---- | M] () -- C:\Games\Steam\bin\chromehtml.dll

MOD - [2012/07/04 19:01:29 | 000,190,776 | ---- | M] () -- C:\Games\Steam\bin\avformat-53.dll

MOD - [2012/07/04 19:01:29 | 000,123,192 | ---- | M] () -- C:\Games\Steam\bin\avutil-51.dll

MOD - [2012/06/28 17:44:16 | 000,373,608 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll

MOD - [2012/04/25 16:58:49 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

MOD - [2010/08/10 00:00:00 | 000,135,168 | ---- | M] () -- c:\Program Files (x86)\Trillian\languages\en\jabber.dll

MOD - [2010/08/10 00:00:00 | 000,122,880 | ---- | M] () -- C:\Program Files (x86)\Trillian\libpng13.dll

MOD - [2010/08/10 00:00:00 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\Trillian\libungif.dll

MOD - [2010/08/10 00:00:00 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Trillian\zlib1.dll

MOD - [2010/08/10 00:00:00 | 000,053,248 | ---- | M] () -- c:\Program Files (x86)\Trillian\languages\en\aim.dll

MOD - [2010/08/10 00:00:00 | 000,019,456 | ---- | M] () -- c:\Program Files (x86)\Trillian\languages\en\yahoo.dll

MOD - [2010/08/10 00:00:00 | 000,016,896 | ---- | M] () -- c:\Program Files (x86)\Trillian\languages\en\trillian.dll

MOD - [2010/08/10 00:00:00 | 000,014,336 | ---- | M] () -- c:\Program Files (x86)\Trillian\languages\en\msn.dll

MOD - [2010/08/10 00:00:00 | 000,011,264 | ---- | M] () -- c:\Program Files (x86)\Trillian\languages\en\events.dll

MOD - [2010/08/10 00:00:00 | 000,011,264 | ---- | M] () -- c:\Program Files (x86)\Trillian\languages\en\buddy.dll

MOD - [2010/08/10 00:00:00 | 000,008,192 | ---- | M] () -- c:\Program Files (x86)\Trillian\languages\en\talk.dll

MOD - [2010/08/10 00:00:00 | 000,005,632 | ---- | M] () -- c:\Program Files (x86)\Trillian\languages\en\proxy.dll

MOD - [2010/08/10 00:00:00 | 000,004,096 | ---- | M] () -- c:\Program Files (x86)\Trillian\languages\en\toolkit.dll

MOD - [2009/07/13 18:15:51 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL

MOD - [2009/07/13 18:15:51 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll

MOD - [2008/10/14 16:13:24 | 002,987,008 | ---- | M] () -- C:\Program Files\ASUS\Turbo Gear\TurboGear.exe

MOD - [2008/09/30 17:52:44 | 001,025,536 | ---- | M] () -- C:\Program Files\ASUS\Turbo Gear\GearHelp.exe

MOD - [2008/05/28 21:40:38 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\ASUS\Direct Console\OLED.dll

MOD - [2008/05/28 21:39:48 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\Direct Console\SysInfo.dll

MOD - [2008/05/22 21:24:10 | 000,045,056 | ---- | M] () -- C:\Program Files\ASUS\Turbo Gear\atkmethod.dll

MOD - [2008/02/18 22:32:46 | 000,012,288 | ---- | M] () -- C:\Program Files (x86)\ASUS\Direct Console\OvrClk.dll

MOD - [2008/02/16 22:08:46 | 000,950,272 | ---- | M] () -- C:\Program Files\ASUS\Turbo Gear\OcSetting.dll

MOD - [2008/01/25 18:32:38 | 000,778,240 | ---- | M] () -- C:\Program Files (x86)\P4P\P4P.exe

MOD - [2007/12/27 16:04:42 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\Direct Console\LED.dll

MOD - [2007/12/11 16:07:28 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\ASUS\Direct Console\OUTLOOK.dll

MOD - [2007/12/07 15:32:02 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Direct Console\MSN.dll

MOD - [2007/11/30 11:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe

MOD - [2007/11/19 13:54:20 | 000,188,416 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\ipswsysmon.dll

MOD - [2007/11/19 11:11:58 | 000,208,896 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\ipswcore.dll

MOD - [2007/09/06 14:05:00 | 000,081,920 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\ipswobj.dll

MOD - [2007/08/02 09:53:06 | 000,053,248 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\ipswresmgr.dll

MOD - [2007/07/24 14:41:10 | 000,049,152 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\ResItf.dll

MOD - [2007/06/19 11:38:08 | 000,208,896 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\ipswui.dll

MOD - [2007/06/15 10:28:36 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll

MOD - [2007/06/01 17:08:18 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll

MOD - [2007/05/14 14:07:14 | 000,009,728 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\LogonStartup.dll

MOD - [2007/05/14 11:10:40 | 000,061,440 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\ipswgblset.dll

MOD - [2007/03/09 16:16:52 | 000,106,496 | ---- | M] () -- C:\Program Files\ATKGFNEX\AGFNEX.dll

MOD - [2006/12/09 09:34:36 | 000,139,264 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\ipsw_cfgmgr.dll

MOD - [2006/12/07 09:29:06 | 000,007,168 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\iphelper.dll

MOD - [2006/12/06 16:55:32 | 000,053,248 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\ipswhlp.dll

MOD - [2006/12/06 16:55:22 | 000,086,016 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\ipswds.dll

MOD - [2006/12/06 16:42:26 | 000,094,208 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\cxcmrt.dll

MOD - [2005/05/11 15:39:32 | 000,565,248 | ---- | M] () -- C:\Program Files\ASUS\Turbo Gear\pngio.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/08/11 16:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)

SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV:64bit: - [2007/08/08 00:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)

SRV:64bit: - [2007/08/03 12:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)

SRV - [2012/07/26 14:59:45 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/07/04 19:01:29 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/06/28 20:37:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)

SRV - [2012/06/28 17:44:30 | 000,382,312 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2012/04/25 16:58:49 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/02/06 16:57:18 | 000,072,248 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe -- (WBVGAservice)

SRV - [2008/08/13 20:59:52 | 000,100,920 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)

SRV - [2008/03/31 02:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/19 22:53:23 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)

DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012/06/10 08:33:27 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV:64bit: - [2011/07/22 09:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)

DRV:64bit: - [2011/07/12 14:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)

DRV:64bit: - [2011/06/25 17:56:44 | 000,033,888 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\appliand.sys -- (appliandMP)

DRV:64bit: - [2011/06/25 17:56:44 | 000,033,888 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appliand.sys -- (appliand)

DRV:64bit: - [2011/04/23 20:14:43 | 000,035,384 | ---- | M] (ASUSTek Computer Inc) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AsDsm.sys -- (AsDsm)

DRV:64bit: - [2009/07/22 10:34:44 | 000,016,384 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EIO64.sys -- (EIO64)

DRV:64bit: - [2009/07/13 18:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2009/07/13 18:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009/07/13 18:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 16:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2009/06/10 13:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/04/01 17:46:40 | 000,016,440 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\lullaby.sys -- (lullaby)

DRV:64bit: - [2009/02/11 02:26:18 | 000,407,576 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2009/01/13 17:48:18 | 001,187,840 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2008/11/03 00:03:28 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)

DRV:64bit: - [2008/08/20 23:39:14 | 000,017,464 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)

DRV:64bit: - [2008/08/10 19:14:02 | 001,820,672 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)

DRV:64bit: - [2008/05/01 22:59:48 | 000,166,912 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)

DRV:64bit: - [2008/02/15 18:27:18 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)

DRV:64bit: - [2007/12/06 03:12:56 | 000,320,048 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2007/07/27 19:45:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)

DRV:64bit: - [2007/07/26 20:33:54 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)

DRV:64bit: - [2007/07/24 11:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)

DRV:64bit: - [2006/10/27 06:01:08 | 000,013,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)

DRV - [2012/07/19 21:40:02 | 000,021,712 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS -- (DrvAgent64)

DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2570550647-1158761815-1121215846-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKU\S-1-5-21-2570550647-1158761815-1121215846-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-2570550647-1158761815-1121215846-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC

IE - HKU\S-1-5-21-2570550647-1158761815-1121215846-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-se...q={searchTerms}

IE - HKU\S-1-5-21-2570550647-1158761815-1121215846-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2570550647-1158761815-1121215846-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKU\S-1-5-21-2570550647-1158761815-1121215846-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-2570550647-1158761815-1121215846-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC

IE - HKU\S-1-5-21-2570550647-1158761815-1121215846-1003\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-se...q={searchTerms}

IE - HKU\S-1-5-21-2570550647-1158761815-1121215846-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"

FF - prefs.js..browser.startup.homepage: "about:home"

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.9: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/25 16:58:49 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/21 16:24:40 | 000,000,000 | ---D | M]

[2011/04/23 20:48:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\Mozilla\Extensions

[2012/06/07 01:33:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\x276b486.default\extensions

[2011/04/24 13:20:51 | 000,002,059 | ---- | M] () -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\x276b486.default\searchplugins\daemon-search.xml

[2012/06/07 04:22:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2011/05/24 08:59:29 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak

[2012/06/07 03:42:45 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2

[2011/05/24 08:59:27 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak

[2012/06/07 03:42:43 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2

[2012/06/06 08:04:42 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\ERIC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X276B486.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

[2012/04/25 16:58:50 | 000,159,870 | ---- | M] () (No name found) -- C:\USERS\ERIC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X276B486.DEFAULT\EXTENSIONS\STATUS4EVAR@CALIGONSTUDIOS.COM.XPI

[2012/04/25 16:58:49 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012/04/16 13:23:14 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2012/02/13 17:32:03 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/02/13 17:32:03 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/07/20 01:56:46 | 000,000,814 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 www.applian.securesites.com

O1 - Hosts: 127.0.0.1 license.superantispyware.com

O2 - BHO: (DAPHelper Class) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files (x86)\DAP\DAPBHO.dll (Speedbit Ltd.)

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found

O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll File not found

O3:64bit: - HKU\S-1-5-21-2570550647-1158761815-1121215846-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found

O3 - HKU\S-1-5-21-2570550647-1158761815-1121215846-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll File not found

O3:64bit: - HKU\S-1-5-21-2570550647-1158761815-1121215846-1003\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found

O3 - HKU\S-1-5-21-2570550647-1158761815-1121215846-1003\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll File not found

O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ATK)

O4 - HKLM..\Run: [ADSMTray] C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)

O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe ()

O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS)

O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)

O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)

O4 - HKLM..\Run: [ChkMail] C:\Program Files\ChkMail\ChkMail\ChkMail.exe (ChkMail)

O4 - HKLM..\Run: [DirectConsole2] C:\Program Files (x86)\ASUS\Direct Console\Direct Console.exe (ASUSTek.)

O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [PowerForPhone] C:\Program Files (x86)\P4P\P4P.exe ()

O4 - HKLM..\Run: [Turbo Gear] C:\Program Files\ASUS\Turbo Gear\TurboGear.exe ()

O4 - HKLM..\Run: [Turbo Gear Help] C:\Program Files\ASUS\Turbo Gear\GearHelp.exe ()

O4 - HKU\S-1-5-21-2570550647-1158761815-1121215846-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

O4 - HKU\S-1-5-21-2570550647-1158761815-1121215846-1000..\Run: [Voobly] File not found

O4 - HKU\S-1-5-21-2570550647-1158761815-1121215846-1003..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)

O4 - HKU\S-1-5-21-2570550647-1158761815-1121215846-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-2570550647-1158761815-1121215846-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

O4 - HKU\S-1-5-21-2570550647-1158761815-1121215846-1003..\Run: [Voobly] File not found

O4 - HKU\S-1-5-21-2570550647-1158761815-1121215846-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - Startup: C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk = C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKU\S-1-5-21-2570550647-1158761815-1121215846-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1

O7 - HKU\S-1-5-21-2570550647-1158761815-1121215846-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-2570550647-1158761815-1121215846-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1

O7 - HKU\S-1-5-21-2570550647-1158761815-1121215846-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8:64bit: - Extra context menu item: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm ()

O8:64bit: - Extra context menu item: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm ()

O8 - Extra context menu item: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm ()

O8 - Extra context menu item: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm ()

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\pnrpnsp.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\pnrpnsp.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\pnrpnsp.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\pnrpnsp.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\pnrpnsp.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\pnrpnsp.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\pnrpnsp.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\pnrpnsp.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\pnrpnsp.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\pnrpnsp.dll File not found

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{739FD9CF-BEE9-418B-846A-1295A7961FB6}: DhcpNameServer = 75.75.75.75 75.75.76.76

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{f42654d0-6e1b-11e0-bd53-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{f42654d0-6e1b-11e0-bd53-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe

O34 - HKLM BootExecute: (autocheck autochk /k:E *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKU\S-1-5-21-2570550647-1158761815-1121215846-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 90 Days ==========

[2012/07/25 21:16:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Movie Maker

[2012/07/20 20:03:47 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM

[2012/07/20 20:03:24 | 002,605,400 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll

[2012/07/20 20:03:24 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll

[2012/07/20 20:03:24 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll

[2012/07/20 20:03:24 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll

[2012/07/20 20:03:24 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll

[2012/07/20 20:03:23 | 000,221,024 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll

[2012/07/20 20:03:23 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll

[2012/07/20 20:03:23 | 000,078,688 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll

[2012/07/20 20:03:23 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll

[2012/07/20 20:03:22 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll

[2012/07/20 20:03:22 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll

[2012/07/20 20:03:22 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll

[2012/07/20 20:03:22 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll

[2012/07/20 20:03:22 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll

[2012/07/20 20:03:22 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll

[2012/07/20 20:03:21 | 008,363,864 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll

[2012/07/20 20:03:21 | 007,163,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll

[2012/07/20 20:03:21 | 002,131,288 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll

[2012/07/20 20:03:21 | 001,345,368 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek264.dll

[2012/07/20 20:03:21 | 000,433,504 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll

[2012/07/20 20:03:21 | 000,396,632 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll

[2012/07/20 20:03:21 | 000,141,152 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll

[2012/07/20 20:03:21 | 000,123,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll

[2012/07/20 20:03:21 | 000,074,592 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll

[2012/07/20 20:03:20 | 001,015,640 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll

[2012/07/20 20:03:20 | 000,603,984 | ---- | C] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll

[2012/07/20 20:03:20 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll

[2012/07/20 20:03:20 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll

[2012/07/20 20:03:05 | 002,533,952 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll

[2012/07/20 20:03:05 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll

[2012/07/20 20:03:05 | 000,449,392 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PREC64.dll

[2012/07/20 20:03:04 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll

[2012/07/20 20:03:04 | 000,537,456 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PLFX64.dll

[2012/07/20 20:03:04 | 000,524,656 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PGFX64.dll

[2012/07/20 20:03:03 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll

[2012/07/20 20:03:03 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll

[2012/07/20 20:03:03 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll

[2012/07/20 20:03:03 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll

[2012/07/20 20:03:02 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll

[2012/07/20 20:03:02 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll

[2012/07/20 20:03:02 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll

[2012/07/20 20:03:01 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll

[2012/07/20 20:03:01 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll

[2012/07/20 20:03:01 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll

[2012/07/19 23:31:59 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\SUPERAntiSpyware.com

[2012/07/19 23:30:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware

[2012/07/19 23:30:37 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com

[2012/07/19 23:30:37 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2012/07/19 23:29:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

[2012/07/19 23:29:04 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2012/07/19 22:53:37 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX

[2012/07/19 22:52:29 | 000,016,384 | ---- | C] (ASUSTeK Computer Inc.) -- C:\Windows\SysNative\drivers\EIO64.sys

[2012/07/19 21:40:02 | 000,021,712 | ---- | C] (Phoenix Technologies) -- C:\Windows\SysWow64\drivers\DrvAgent64.SYS

[2012/07/19 21:40:02 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\eSupport.com

[2012/07/18 17:11:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation

[2012/07/18 17:10:54 | 000,060,776 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll

[2012/07/18 17:10:54 | 000,052,584 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll

[2012/07/18 17:10:39 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation

[2012/07/18 02:27:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation

[2012/07/17 01:00:42 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam

[2012/07/09 18:26:14 | 000,000,000 | ---D | C] -- C:\Users\Eric\Desktop\DAP

[2012/07/08 15:18:23 | 000,000,000 | ---D | C] -- C:\Users\Eric\Documents\Desktop 2

[2012/07/08 08:59:56 | 035,277,924 | ---- | C] (Edmund Mcmillen & Florian Himsl ) -- C:\Users\Eric\Desktop\Isaac.exe

[2012/07/02 23:42:08 | 000,000,000 | ---D | C] -- C:\Users\Eric\Documents\MTG

[2012/06/23 16:05:25 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\Macromedia

[2012/06/21 13:19:56 | 000,000,000 | ---D | C] -- C:\Users\Eric\Documents\Wizards of the Coast

[2012/06/21 13:11:34 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Duels of the Planeswalkers 2013

[2012/06/10 14:23:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts

[2012/06/10 14:23:38 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core

[2012/06/10 08:34:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Pro

[2012/06/10 08:33:27 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys

[2012/06/10 08:20:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Pro

[2012/06/10 08:19:42 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\DAEMON Tools Pro

[2012/06/10 08:19:42 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Pro

[2012/06/10 05:16:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CureROM

[2012/06/10 05:16:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CureROM

[2012/06/08 23:07:55 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll

[2012/06/08 23:07:55 | 000,000,000 | RH-D | C] -- C:\Users\Eric\AppData\Roaming\SecuROM

[2012/05/26 02:44:24 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed

[2012/05/26 02:33:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Game Control 3.3

[2012/05/26 02:24:45 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%

[2012/05/26 02:18:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Game Control 3.7

[2012/05/26 02:12:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Game Control 3.5

[2012/05/25 21:05:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Voobly

[2012/05/25 19:49:11 | 000,000,000 | ---D | C] -- C:\ProgramData\eMule

[2012/05/25 19:04:38 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\PowerUp Software

[2012/05/25 18:54:58 | 000,000,000 | ---D | C] -- C:\ProgramData\PowerUp Software

[2012/05/25 18:54:31 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\Windows\SysWow64\SSubTmr6.dll

[2012/05/25 16:48:12 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games

[2012/05/22 18:10:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET

[2012/05/17 17:50:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Computerbrains

[2012/05/17 17:50:07 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\CCS64

[2012/05/17 16:21:49 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\DOSBox

[2012/05/17 16:21:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74

[73 C:\*.tmp files -> C:\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2012/07/27 02:04:07 | 000,000,095 | ---- | M] () -- C:\Windows\winamp.ini

[2012/07/27 01:57:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/07/26 23:26:40 | 000,000,512 | ---- | M] () -- C:\Users\Eric\Desktop\MBR.dat

[2012/07/26 23:03:57 | 000,000,024 | ---- | M] () -- C:\Windows\SysWow64\ChkMail.ini

[2012/07/26 23:02:24 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/07/26 23:02:24 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/07/26 22:57:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/07/26 22:57:12 | 536,109,055 | -HS- | M] () -- C:\hiberfil.sys

[2012/07/26 01:41:07 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe

[2012/07/25 21:15:25 | 000,777,976 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/07/25 21:15:25 | 000,659,818 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/07/25 21:15:25 | 000,120,714 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/07/25 19:34:42 | 003,358,720 | ---- | M] () -- C:\Users\Eric\Desktop\Tim & Kirsten slide show.MSWMM

[2012/07/24 21:27:37 | 003,457,533 | ---- | M] () -- C:\Users\Eric\Desktop\2.jpg

[2012/07/24 00:47:12 | 000,071,096 | ---- | M] () -- C:\Users\Eric\Desktop\snapshot20120724004706.jpg

[2012/07/23 16:03:44 | 000,002,622 | ---- | M] () -- C:\Users\Eric\Desktop\Attach.zip

[2012/07/23 15:54:40 | 000,000,178 | ---- | M] () -- C:\Users\Eric\defogger_reenable

[2012/07/23 14:46:23 | 000,000,000 | ---- | M] () -- C:\Users\Eric\Desktop\New Bitmap Image.bmp

[2012/07/22 02:01:11 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk

[2012/07/21 04:43:37 | 000,188,510 | ---- | M] () -- C:\Users\Eric\Desktop\1.jpg

[2012/07/19 22:53:37 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_enecir_01009.Wdf

[2012/07/19 22:53:23 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) -- C:\Windows\SysNative\drivers\enecir.sys

[2012/07/19 22:27:44 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini

[2012/07/19 21:40:02 | 000,021,712 | ---- | M] (Phoenix Technologies) -- C:\Windows\SysWow64\drivers\DrvAgent64.SYS

[2012/07/18 17:02:54 | 000,000,048 | ---- | M] () -- C:\Users\Eric\AppData\Local\ROLOTONY.cfg

[2012/07/08 08:59:56 | 035,277,924 | ---- | M] (Edmund Mcmillen & Florian Himsl ) -- C:\Users\Eric\Desktop\Isaac.exe

[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/06/28 20:37:00 | 000,060,776 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll

[2012/06/28 20:37:00 | 000,052,584 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll

[2012/06/28 20:37:00 | 000,016,048 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb

[2012/06/28 19:10:24 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI

[2012/06/28 17:44:42 | 000,428,904 | ---- | M] () -- C:\Windows\SysWow64\nvStreaming.exe

[2012/06/21 15:12:50 | 000,021,987 | ---- | M] () -- C:\Users\Eric\Documents\Bad Religion.m3u

[2012/06/19 13:31:00 | 000,293,889 | ---- | M] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT

[2012/06/10 08:33:27 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys

[2012/06/08 23:07:55 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll

[2012/06/07 16:39:22 | 000,000,094 | -HS- | M] () -- C:\Windows\KLIF.spi

[2012/06/07 01:40:43 | 000,017,408 | ---- | M] () -- C:\Users\Eric\AppData\Local\WebpageIcons.db

[2012/05/26 02:15:15 | 000,015,360 | ---- | M] () -- C:\Windows\SysWow64\BASSMOD.dll

[2012/05/25 18:54:59 | 000,119,296 | ---- | M] () -- C:\Windows\SysWow64\zlib.dll

[2012/05/25 01:10:58 | 000,000,244 | ---- | M] () -- C:\Windows\kaillera.ini

[2012/05/22 18:13:02 | 000,772,430 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012/05/17 11:29:24 | 007,163,744 | ---- | M] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll

[2012/05/17 11:29:22 | 000,141,152 | ---- | M] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll

[2012/05/17 11:29:22 | 000,074,592 | ---- | M] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll

[2012/05/17 11:29:20 | 000,433,504 | ---- | M] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll

[2012/05/17 11:29:20 | 000,123,744 | ---- | M] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll

[2012/05/01 10:09:04 | 000,000,036 | -H-- | M] () -- C:\Windows\SysWow64\f9t.dat

[2012/05/01 10:07:43 | 000,133,641 | ---- | M] () -- C:\Users\Eric\Documents\1.xps

[73 C:\*.tmp files -> C:\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/26 23:26:40 | 000,000,512 | ---- | C] () -- C:\Users\Eric\Desktop\MBR.dat

[2012/07/26 22:32:51 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{e5fb27a8-7846-48e5-ed35-a6da700e5cb9}\U\00000008.@

[2012/07/25 21:12:56 | 003,358,720 | ---- | C] () -- C:\Users\Eric\Desktop\Tim & Kirsten slide show.MSWMM

[2012/07/24 21:27:35 | 003,457,533 | ---- | C] () -- C:\Users\Eric\Desktop\2.jpg

[2012/07/24 00:47:08 | 000,071,096 | ---- | C] () -- C:\Users\Eric\Desktop\snapshot20120724004706.jpg

[2012/07/23 16:03:44 | 000,002,622 | ---- | C] () -- C:\Users\Eric\Desktop\Attach.zip

[2012/07/23 15:54:40 | 000,000,178 | ---- | C] () -- C:\Users\Eric\defogger_reenable

[2012/07/23 14:46:23 | 000,000,000 | ---- | C] () -- C:\Users\Eric\Desktop\New Bitmap Image.bmp

[2012/07/21 14:20:28 | 267,987,118 | ---- | C] () -- C:\Users\Eric\Desktop\ManoJob_cassandra_calogera720_.mp4

[2012/07/21 04:43:45 | 000,188,510 | ---- | C] () -- C:\Users\Eric\Desktop\1.jpg

[2012/07/21 03:34:13 | 343,245,233 | ---- | C] () -- C:\Users\Eric\Desktop\bmdmrt4241494.1.mp4

[2012/07/21 03:33:36 | 233,793,140 | ---- | C] () -- C:\Users\Eric\Desktop\BW4_sc6_Brandy.Talore.avi

[2012/07/21 03:33:01 | 266,698,198 | ---- | C] () -- C:\Users\Eric\Desktop\Brand_stop.mp4

[2012/07/20 20:03:22 | 000,293,889 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT

[2012/07/19 23:30:41 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk

[2012/07/19 22:53:37 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_enecir_01009.Wdf

[2012/07/19 22:27:44 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini

[2012/07/19 04:49:11 | 257,150,976 | ---- | C] () -- C:\Users\Eric\Desktop\Susie Sorrento - Puritan Magazine #47.avi

[2012/07/18 17:08:25 | 000,016,048 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb

[2012/07/18 17:02:54 | 000,000,833 | ---- | C] () -- C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Uninstall Security Shield.lnk

[2012/07/18 17:02:54 | 000,000,048 | ---- | C] () -- C:\Users\Eric\AppData\Local\ROLOTONY.cfg

[2012/07/18 15:42:03 | 346,711,030 | ---- | C] () -- C:\Users\Eric\Desktop\OSS - Jodie Gasson.wmv

[2012/06/28 19:10:24 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI

[2012/06/28 17:44:42 | 000,428,904 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

[2012/06/21 15:12:36 | 000,021,987 | ---- | C] () -- C:\Users\Eric\Documents\Bad Religion.m3u

[2012/06/07 16:39:22 | 000,000,094 | -HS- | C] () -- C:\Windows\KLIF.spi

[2012/06/07 16:34:16 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{e5fb27a8-7846-48e5-ed35-a6da700e5cb9}\U\80000000.@

[2012/06/07 01:40:43 | 000,017,408 | ---- | C] () -- C:\Users\Eric\AppData\Local\WebpageIcons.db

[2012/05/27 03:22:24 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/05/26 02:13:18 | 000,092,160 | ---- | C] () -- C:\Windows\Installer\{e5fb27a8-7846-48e5-ed35-a6da700e5cb9}\U\80000032.@

[2012/05/26 02:13:10 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{e5fb27a8-7846-48e5-ed35-a6da700e5cb9}\U\80000064.@

[2012/05/26 02:13:10 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{e5fb27a8-7846-48e5-ed35-a6da700e5cb9}\L\00000004.@

[2012/05/26 02:13:05 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{e5fb27a8-7846-48e5-ed35-a6da700e5cb9}\U\00000004.@

[2012/05/26 02:13:05 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{e5fb27a8-7846-48e5-ed35-a6da700e5cb9}\U\000000cb.@

[2012/05/25 18:54:31 | 000,119,296 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll

[2012/05/25 18:54:31 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ADsSecurity.dll

[2012/05/25 18:54:31 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\dxinputdll.dll

[2012/05/25 00:53:39 | 000,000,244 | ---- | C] () -- C:\Windows\kaillera.ini

[2012/05/22 18:12:59 | 000,772,430 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012/05/01 10:07:42 | 000,133,641 | ---- | C] () -- C:\Users\Eric\Documents\1.xps

[2012/04/15 16:29:54 | 000,000,036 | -H-- | C] () -- C:\Windows\SysWow64\f9t.dat

[2012/01/15 21:56:45 | 000,008,490 | ---- | C] () -- C:\Users\Eric\AppData\Roaming\258491ec

[2012/01/15 21:56:45 | 000,008,432 | ---- | C] () -- C:\Users\Eric\AppData\Local\590fdc6a

[2012/01/15 21:56:45 | 000,008,386 | ---- | C] () -- C:\ProgramData\c2123497

[2011/09/17 09:49:19 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll

[2011/07/11 21:38:50 | 004,369,408 | ---- | C] () -- C:\Windows\SysWow64\pdftk.exe

[2011/07/11 21:38:50 | 001,503,232 | ---- | C] () -- C:\Windows\SysWow64\ptj.exe

[2011/07/11 21:38:50 | 001,103,360 | ---- | C] () -- C:\Windows\SysWow64\cidfont.dll

[2011/07/11 21:38:50 | 000,235,008 | ---- | C] () -- C:\Windows\SysWow64\office.exe

[2011/04/26 17:44:21 | 000,000,254 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini

[2011/04/23 21:18:38 | 000,000,095 | ---- | C] () -- C:\Windows\winamp.ini

[2011/04/23 20:48:25 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2011/04/23 20:28:28 | 000,000,024 | ---- | C] () -- C:\Windows\SysWow64\ChkMail.ini

[2011/04/23 20:24:37 | 000,047,672 | ---- | C] () -- C:\Windows\AsScrProlog.exe

[2011/04/23 20:18:11 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys

[2011/04/23 20:18:11 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys

[2009/07/13 16:22:13 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{e5fb27a8-7846-48e5-ed35-a6da700e5cb9}\@

[2009/07/13 16:22:13 | 000,002,048 | -HS- | C] () -- C:\Users\Eric\AppData\Local\{e5fb27a8-7846-48e5-ed35-a6da700e5cb9}\@

[2009/04/08 10:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll

[2008/05/22 08:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg

========== LOP Check ==========

[2012/05/17 17:50:07 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\CCS64

[2011/04/24 13:22:06 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\DAEMON Tools Lite

[2012/06/10 08:45:32 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\DAEMON Tools Pro

[2011/09/17 09:48:30 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\GlobalSCAPE

[2012/01/28 03:02:29 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\LolClient

[2012/03/15 16:16:44 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\LOVE

[2012/02/08 22:18:32 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Mumble

[2012/06/07 01:33:17 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Orbit

[2012/05/25 19:04:38 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\PowerUp Software

[2011/11/30 14:02:46 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\ProgSense

[2011/12/01 00:24:51 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Replay Media Catcher 4

[2012/05/01 10:11:04 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Stamps.com Internet Postage

[2011/11/08 18:28:43 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\SystemRequirementsLab

[2011/10/20 15:26:10 | 000,032,614 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 128 bytes -> C:\Windows\SysWow64\zlib.dll:SummaryInformation

@Alternate Data Stream - 128 bytes -> C:\Windows\SysWow64\zlib.dll:DocumentSummaryInformation

< End of report >

Extras.txt:

OTL Extras logfile created on: 7/27/2012 2:31:03 AM - Run 1

OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Eric\Downloads

64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 3.46 Gb Available Physical Memory | 57.73% Memory free

6.39 Gb Paging File | 3.58 Gb Available in Paging File | 56.12% Paging File free

Paging file location(s): c:\pagefile.sys 400 1024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 298.09 Gb Total Space | 1.14 Gb Free Space | 0.38% Space Free | Partition Type: NTFS

Drive D: | 4.36 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive E: | 1397.25 Gb Total Space | 475.23 Gb Free Space | 34.01% Space Free | Partition Type: exFAT

Computer Name: ROLOTONY | User Name: Eric | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2570550647-1158761815-1121215846-1000\SOFTWARE\Classes\<extension>]

.exe [@ = exefile] -- Reg Error: Key error. File not found

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\Winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\Winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 304.79

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 304.79

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 304.79

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0604

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"5F4DD0919B4763856B77AD385DEEEFCDF01784A8" = ENE CIR Receiver Driver

"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager

"CCleaner" = CCleaner

"DriverAgent.exe" = DriverAgent by eSupport.com

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology

"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3

"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI

"{250F0996-1830-40C8-9B1D-6874D808DD95}" = ChkMail

"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31

"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program

"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX

"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2

"{439F7BFD-4F1B-4CAE-834A-4136396C2738}" = ASUS Turbo Gear Enhanced VGA Driver

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{558B0625-03A7-491C-9693-FD1066005CBB}" = Turbo Gear Extreme

"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01

"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe

"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon

"{698AC01B-DF0C-4BCE-940C-EB29AD23A560}" = Stamps.com

"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2

"{869D5D02-CA71-4077-8A75-A409DF771B4A}" = The Lord of the Rings Online TCG 2

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{91F34319-08DE-457a-99C0-0BCDFAC145B9}" = CuteFTP 8 Professional

"{99A4344A-C723-4661-A507-D9D939480358}" = Cisco LEAP Module

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BFD5911-93E3-42BB-BFCD-50E4BA5B8D67}" = Cisco EAP-FAST Module

"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame

"{9D6D7811-43B3-463C-BC79-5D1755269989}" = Net4Switch

"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.6

"{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3

"{B7B5A370-3DFF-4F0E-AE11-FD267C4938AA}" = CCS64 V3.8

"{C3B6103A-C76F-45CF-898E-22E74BD33CFF}" = Direct Console 2.0

"{CD344FA5-6657-47CD-940F-8727EED35595}" = Cisco PEAP Module

"{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media

"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service

"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash

"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update

"{E8CC51B4-F039-4A13-8C23-57661C5A90AC}" = Express Gate

"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera

"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager

"{FC3D290D-79BE-44B7-ABF9-FDD110925930}" = P4P

"5513-1208-7298-9440" = JDownloader 0.9

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver

"CDisplay_is1" = CDisplay 1.8

"DAEMON Tools Pro" = DAEMON Tools Pro

"Download Accelerator Plus " = Download Accelerator Plus

"EncFlac" = EncFlac 1.1.2

"FLV Player2.0.25" = FLV Player

"HaaliMkx" = Haali Media Splitter

"Magic Workstation_is1" = Magic Workstation 0.94f

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300

"Matroska Pack" = Matroska Pack

"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"My Screen Recorder Pro_is1" = My Screen Recorder Pro 2.3

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"office Convert Pdf to Jpg Jpeg Tiff Free_is1" = office Convert Pdf to Jpg Jpeg Tiff Free 6.4

"OJOsoft Total Video Converter_is1" = OJOsoft Total Video Converter

"QuicktimeAlt_is1" = QuickTime Alternative 3.2.2

"Replay Media Catcher 4" = Replay Media Catcher 4 (4.3.2)

"Stamps.com" = Stamps.com

"Steam App 440" = Team Fortress 2

"Steam App 550" = Left 4 Dead 2

"SystemRequirementsLab" = System Requirements Lab

"Total Game Control_is1" = Total Game Control v3.3

"Trillian" = Trillian

"VLC media player" = VLC media player 0.9.9

"Voobly_is1" = Voobly

"Winamp" = Winamp (remove only)

"World of Warcraft" = World of Warcraft

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 7/25/2012 5:10:53 AM | Computer Name = rolotony | Source = Application Hang | ID = 1002

Description = The program mplayerc.exe version 6.4.9.1 stopped interacting with

Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: f7c Start

Time: 01cd6a45502d12f8 Termination Time: 72 Application Path: C:\Program Files (x86)\QuickTime

Alternative\Media Player Classic\mplayerc.exe Report Id: a1331dda-d638-11e1-bba5-002618a87862

Error - 7/25/2012 5:16:52 AM | Computer Name = rolotony | Source = Application Hang | ID = 1002

Description = The program mplayerc.exe version 6.4.9.1 stopped interacting with

Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: 1450 Start

Time: 01cd6a45fb524f60 Termination Time: 66 Application Path: C:\Program Files (x86)\QuickTime

Alternative\Media Player Classic\mplayerc.exe Report Id: 76c40b25-d639-11e1-bba5-002618a87862

Error - 7/25/2012 5:36:32 AM | Computer Name = rolotony | Source = Application Hang | ID = 1002

Description = The program mplayerc.exe version 6.4.9.1 stopped interacting with

Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: 1ae4 Start

Time: 01cd6a488283c898 Termination Time: 48 Application Path: C:\Program Files (x86)\QuickTime

Alternative\Media Player Classic\mplayerc.exe Report Id: 357183f8-d63c-11e1-bba5-002618a87862

Error - 7/26/2012 1:49:21 AM | Computer Name = rolotony | Source = Application Error | ID = 1000

Description = Faulting application name: FlashPlayerPlugin_11_3_300_265.exe, version:

11.3.300.265, time stamp: 0x4febd5ac Faulting module name: unknown, version: 0.0.0.0,

time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x000031c0 Faulting

process id: 0x12b0 Faulting application start time: 0x01cd6ae5bcaf13c7 Faulting application

path: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe Faulting

module path: unknown Report Id: a4e6a59e-d6e5-11e1-8189-002618a87862

Error - 7/26/2012 3:11:13 AM | Computer Name = rolotony | Source = Application Hang | ID = 1002

Description = The program left4dead2.exe version 0.0.0.0 stopped interacting with

Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: 11c8 Start

Time: 01cd6afc8ede73d4 Termination Time: 531 Application Path: c:\games\steam\steamapps\common\left

4 dead 2\left4dead2.exe Report Id: 128ce4c3-d6f1-11e1-8e9f-002618a87862

Error - 7/26/2012 4:05:14 AM | Computer Name = rolotony | Source = Application Error | ID = 1000

Description = Faulting application name: FlashPlayerPlugin_11_3_300_265.exe, version:

11.3.300.265, time stamp: 0x4febd5ac Faulting module name: NPSWF32_11_3_300_265.dll,

version: 11.3.300.265, time stamp: 0x4febd798 Exception code: 0xc0000005 Fault offset:

0x0066eb6a Faulting process id: 0x13b0 Faulting application start time: 0x01cd6afc812140c4

Faulting

application path: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe

Faulting

module path: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll Report

Id: a0efa022-d6f8-11e1-8e9f-002618a87862

Error - 7/26/2012 6:37:04 AM | Computer Name = rolotony | Source = Application Error | ID = 1000

Description = Faulting application name: FlashPlayerPlugin_11_3_300_265.exe, version:

11.3.300.265, time stamp: 0x4febd5ac Faulting module name: NPSWF32_11_3_300_265.dll,

version: 11.3.300.265, time stamp: 0x4febd798 Exception code: 0xc0000005 Fault offset:

0x004923d1 Faulting process id: 0x12f4 Faulting application start time: 0x01cd6b0be9217ca1

Faulting

application path: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe

Faulting

module path: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll Report

Id: d6d72f33-d70d-11e1-b02f-002618a87862

Error - 7/26/2012 7:12:48 AM | Computer Name = rolotony | Source = Application Error | ID = 1000

Description = Faulting application name: mplayerc.exe, version: 6.4.9.1, time stamp:

0x4b780a3b Faulting module name: nvd3dum.dll_unloaded, version: 0.0.0.0, time stamp:

0x4fecd626 Exception code: 0xc0000005 Fault offset: 0x6584e6e0 Faulting process id:

0xf30 Faulting application start time: 0x01cd6b1e952e1131 Faulting application path:

C:\Program Files (x86)\QuickTime Alternative\Media Player Classic\mplayerc.exe Faulting

module path: nvd3dum.dll Report Id: d47a2a9a-d712-11e1-b02f-002618a87862

Error - 7/26/2012 7:17:49 AM | Computer Name = rolotony | Source = Application Error | ID = 1000

Description = Faulting application name: mplayerc.exe, version: 6.4.9.1, time stamp:

0x4b780a3b Faulting module name: libavcodec.dll, version: 0.0.0.0, time stamp: 0x48d19c2a

Exception

code: 0xc0000005 Fault offset: 0x0019991b Faulting process id: 0x2a8 Faulting application

start time: 0x01cd6b203410368c Faulting application path: C:\Program Files (x86)\QuickTime

Alternative\Media Player Classic\mplayerc.exe Faulting module path: C:\Program Files

(x86)\Common Files\Common Share\Filters\FFDShow\libavcodec.dll Report Id: 87e9b755-d713-11e1-b02f-002618a87862

Error - 7/26/2012 5:29:30 PM | Computer Name = rolotony | Source = Application Error | ID = 1000

Description = Faulting application name: plugin-container.exe, version: 12.0.0.4493,

time stamp: 0x4f920759 Faulting module name: NPSWF32_11_3_300_265.dll_unloaded,

version: 0.0.0.0, time stamp: 0x4febd798 Exception code: 0xc0000005 Fault offset:

0x6be3adf3 Faulting process id: 0x3f8 Faulting application start time: 0x01cd6b2341b6e7e6

Faulting

application path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Faulting

module path: NPSWF32_11_3_300_265.dll Report Id: fb85b088-d768-11e1-b02f-002618a87862

Error - 7/26/2012 5:48:19 PM | Computer Name = rolotony | Source = Application Error | ID = 1000

Description = Faulting application name: FlashPlayerPlugin_11_3_300_265.exe, version:

11.3.300.265, time stamp: 0x4febd5ac Faulting module name: NPSWF32_11_3_300_265.dll,

version: 11.3.300.265, time stamp: 0x4febd798 Exception code: 0xc0000005 Fault offset:

0x0066e77f Faulting process id: 0xa98 Faulting application start time: 0x01cd6b784708425b

Faulting

application path: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe

Faulting

module path: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll Report

Id: 9c83e083-d76b-11e1-af96-002618a87862

[ System Events ]

Error - 7/27/2012 1:32:46 AM | Computer Name = rolotony | Source = Service Control Manager | ID = 7023

Description = The Function Discovery Resource Publication service terminated with

the following error: %%-2147024891

Error - 7/27/2012 1:32:46 AM | Computer Name = rolotony | Source = Service Control Manager | ID = 7001

Description = The HomeGroup Provider service depends on the Function Discovery Resource

Publication service which failed to start because of the following error: %%-2147024891

Error - 7/27/2012 1:57:20 AM | Computer Name = rolotony | Source = Service Control Manager | ID = 7023

Description = The Computer Browser service terminated with the following error:

%%1060

Error - 7/27/2012 1:57:20 AM | Computer Name = rolotony | Source = Service Control Manager | ID = 7003

Description = The IKE and AuthIP IPsec Keying Modules service depends the following

service: BFE. This service might not be installed.

Error - 7/27/2012 1:57:20 AM | Computer Name = rolotony | Source = Service Control Manager | ID = 7000

Description = The Norton Internet Security service failed to start due to the following

error: %%2

Error - 7/27/2012 1:57:20 AM | Computer Name = rolotony | Source = Service Control Manager | ID = 7003

Description = The IPsec Policy Agent service depends the following service: BFE.

This service might not be installed.

Error - 7/27/2012 1:57:22 AM | Computer Name = rolotony | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

SRTSP SRTSPX

Error - 7/27/2012 2:04:07 AM | Computer Name = rolotony | Source = Service Control Manager | ID = 7001

Description = The HomeGroup Provider service depends on the Function Discovery Resource

Publication service which failed to start because of the following error: %%-2147024891

Error - 7/27/2012 2:04:07 AM | Computer Name = rolotony | Source = Service Control Manager | ID = 7023

Description = The Function Discovery Resource Publication service terminated with

the following error: %%-2147024891

Error - 7/27/2012 4:33:50 AM | Computer Name = rolotony | Source = Schannel | ID = 36888

Description = The following fatal alert was generated: 10. The internal error state

is 10.

< End of report >


The problem is serious, that's why I am warning you.

Your free space should be at least 2 GB.

Drive C: | 298.09 Gb Total Space | 1.14 Gb Free Space | 0.38% Space Free | Partition Type: NTFS

I will try to help with this too.

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    IE - HKU\S-1-5-21-2570550647-1158761815-1121215846-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search/web?q={searchTerms}
    IE - HKU\S-1-5-21-2570550647-1158761815-1121215846-1003\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search/web?q={searchTerms}
    FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"
    O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
    O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll File not found
    O3:64bit: - HKU\S-1-5-21-2570550647-1158761815-1121215846-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
    O3 - HKU\S-1-5-21-2570550647-1158761815-1121215846-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll File not found
    O3:64bit: - HKU\S-1-5-21-2570550647-1158761815-1121215846-1003\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
    O3 - HKU\S-1-5-21-2570550647-1158761815-1121215846-1003\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll File not found
    [2012/07/26 22:32:51 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{e5fb27a8-7846-48e5-ed35-a6da700e5cb9}\U\00000008.@
    [2012/07/18 17:02:54 | 000,000,833 | ---- | C] () -- C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Uninstall Security Shield.lnk
    [2012/07/18 17:02:54 | 000,000,048 | ---- | C] () -- C:\Users\Eric\AppData\Local\ROLOTONY.cfg
    [2012/06/07 16:34:16 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{e5fb27a8-7846-48e5-ed35-a6da700e5cb9}\U\80000000.@
    [2012/05/26 02:13:18 | 000,092,160 | ---- | C] () -- C:\Windows\Installer\{e5fb27a8-7846-48e5-ed35-a6da700e5cb9}\U\80000032.@
    [2012/05/26 02:13:10 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{e5fb27a8-7846-48e5-ed35-a6da700e5cb9}\U\80000064.@
    [2012/05/26 02:13:10 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{e5fb27a8-7846-48e5-ed35-a6da700e5cb9}\L\00000004.@
    [2012/05/26 02:13:05 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{e5fb27a8-7846-48e5-ed35-a6da700e5cb9}\U\00000004.@
    [2012/05/26 02:13:05 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{e5fb27a8-7846-48e5-ed35-a6da700e5cb9}\U\000000cb.@
    [2012/01/15 21:56:45 | 000,008,490 | ---- | C] () -- C:\Users\Eric\AppData\Roaming\258491ec
    [2012/01/15 21:56:45 | 000,008,432 | ---- | C] () -- C:\Users\Eric\AppData\Local\590fdc6a
    [2012/01/15 21:56:45 | 000,008,386 | ---- | C] () -- C:\ProgramData\c2123497
    [2009/07/13 16:22:13 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{e5fb27a8-7846-48e5-ed35-a6da700e5cb9}\@
    [2009/07/13 16:22:13 | 000,002,048 | -HS- | C] () -- C:\Users\Eric\AppData\Local\{e5fb27a8-7846-48e5-ed35-a6da700e5cb9}\@
    [2011/04/24 13:22:06 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\DAEMON Tools Lite

    :files
    C:\Users\Eric\AppData\Local\{e5fb27a8-7846-48e5-ed35-a6da700e5cb9}
    C:\Windows\Installer\{e5fb27a8-7846-48e5-ed35-a6da700e5cb9}
    C:\Program Files (x86)\DAEMON Tools Toolbar
    ipconfig /flushdns /c

    :Commands
    [emptytemp]
    [clearallrestorepoints]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

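The fix script above is built from four kinds of OTL report line: an IE SearchScope whose URL points at an unexpected search host, a Firefox `browser.search.selectedEngine` that is not a normal provider, toolbar (O3) entries whose DLL reports "File not found", and `.@` / `@` files inside a GUID-named folder (some of them hidden+system). The following triage parser is an added example, not OTL's code or the helper's: it reads lines in that format and flags those four indicators so a reviewer can pick them out of a long log before writing a fix. The allowlists (`KNOWN_SEARCH_HOSTS`, `KNOWN_FF_ENGINES`) and the sample lines are constructed assumptions; the SIDs, GUIDs and paths in the sample are the ones quoted in this thread.

```python
"""Triage helper for OTL-style log lines (added example, not OTL's own code)."""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Assumption: the search providers a clean IE / Firefox profile is expected to use.
KNOWN_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "search.yahoo.com"}
KNOWN_FF_ENGINES = {"Google", "Bing", "Yahoo"}

# Line shapes taken from the OTL report format quoted in the thread.
SEARCHSCOPE_RE = re.compile(
    r'^IE - (?P<key>.+?\\SearchScopes\\\{[^}]+\}): "URL" = (?P<url>\S+)$')
FF_ENGINE_RE = re.compile(
    r'^FF - prefs\.js\.\.browser\.search\.selectedEngine: "(?P<engine>[^"]*)"$')
TOOLBAR_RE = re.compile(
    r'^O3(?::64bit:)? - (?P<key>.+?): \((?P<name>[^)]*)\) - \{(?P<clsid>[^}]+)\} - (?P<rest>.+)$')
FILE_RE = re.compile(
    r'^\[(?P<stamp>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attrs>[^|]+?) \| [A-Z]\] '
    r'(?:\([^)]*\) )?-- (?P<path>.+)$')
# <hex>.@ under <guid>\U or <guid>\L, or a bare "@" file directly in a GUID folder:
# the naming pattern of the file entries the fix script removes.
AT_FILE_RE = re.compile(r'\\\{[0-9a-f-]{36}\}\\(?:[UL]\\[0-9a-f]+\.@|@)$', re.I)


@dataclass
class Finding:
    kind: str
    detail: str


def triage_line(line: str):
    """Return a Finding for a suspicious OTL line, or None if it looks benign."""
    line = line.rstrip()
    m = SEARCHSCOPE_RE.match(line)
    if m:
        host = (urlparse(m["url"]).hostname or "").lower()
        if host not in KNOWN_SEARCH_HOSTS:
            return Finding("search-scope", f"{m['key']} -> {host}")
        return None
    m = FF_ENGINE_RE.match(line)
    if m:
        if m["engine"] not in KNOWN_FF_ENGINES:
            return Finding("ff-engine", m["engine"])
        return None
    m = TOOLBAR_RE.match(line)
    if m:
        # A registered toolbar whose DLL is gone is an orphaned load point.
        if m["rest"].endswith("File not found"):
            return Finding("orphan-toolbar", f"{m['name']} {{{m['clsid']}}}")
        return None
    m = FILE_RE.match(line)
    if m:
        path, attrs = m["path"], m["attrs"]
        if AT_FILE_RE.search(path):
            hidden = "H" in attrs and "S" in attrs
            return Finding("at-file", path + (" (hidden+system)" if hidden else ""))
        return None
    return None


def triage(text: str):
    """Run triage_line over every line of an OTL log and return the findings."""
    return [f for f in (triage_line(l) for l in text.splitlines()) if f]


# Constructed sample in the OTL report format; two benign lines are mixed in.
SAMPLE_OTL_LINES = r"""
IE - HKU\S-1-5-21-2570550647-1158761815-1121215846-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search/web?q={searchTerms}
IE - HKU\S-1-5-21-2570550647-1158761815-1121215846-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox
FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O3 - HKLM\..\Toolbar: (Example Toolbar) - {00000000-0000-0000-0000-000000000000} - C:\Program Files (x86)\Example\Toolbar.dll (Example Corp.)
[2012/07/26 22:32:51 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{e5fb27a8-7846-48e5-ed35-a6da700e5cb9}\U\00000008.@
[2009/07/13 16:22:13 | 000,002,048 | -HS- | C] () -- C:\Users\Eric\AppData\Local\{e5fb27a8-7846-48e5-ed35-a6da700e5cb9}\@
[2012/07/20 06:31:00 | 000,000,000 | ---D | C] () -- C:\Users\Eric\AppData\Roaming\SUPERAntiSpyware.com
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_OTL_LINES):
        print(f"{finding.kind:15} {finding.detail}")
```

Run against the sample it reports five findings and stays quiet on the Bing scope, the toolbar whose DLL exists, and the ordinary folder entry. The `File not found` check is the one that needs the most judgement in practice: OTL prints it for any registered load point whose file is missing, so a finding there means "orphaned entry, remove from the registry", not "malware present".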

All processes killed

========== OTL ==========

Registry key HKEY_USERS\S-1-5-21-2570550647-1158761815-1121215846-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ not found.

Registry key HKEY_USERS\S-1-5-21-2570550647-1158761815-1121215846-1003\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ not found.

Prefs.js: "DAEMON Search" removed from browser.search.selectedEngine

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.

64bit-Registry value HKEY_USERS\S-1-5-21-2570550647-1158761815-1121215846-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.

Registry value HKEY_USERS\S-1-5-21-2570550647-1158761815-1121215846-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.

64bit-Registry value HKEY_USERS\S-1-5-21-2570550647-1158761815-1121215846-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.

Registry value HKEY_USERS\S-1-5-21-2570550647-1158761815-1121215846-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.

C:\Windows\Installer\{e5fb27a8-7846-48e5-ed35-a6da700e5cb9}\U\00000008.@ moved successfully.

C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Uninstall Security Shield.lnk moved successfully.

C:\Users\Eric\AppData\Local\ROLOTONY.cfg moved successfully.

C:\Windows\Installer\{e5fb27a8-7846-48e5-ed35-a6da700e5cb9}\U\80000000.@ moved successfully.

C:\Windows\Installer\{e5fb27a8-7846-48e5-ed35-a6da700e5cb9}\U\80000032.@ moved successfully.

C:\Windows\Installer\{e5fb27a8-7846-48e5-ed35-a6da700e5cb9}\U\80000064.@ moved successfully.

C:\Windows\Installer\{e5fb27a8-7846-48e5-ed35-a6da700e5cb9}\L\00000004.@ moved successfully.

C:\Windows\Installer\{e5fb27a8-7846-48e5-ed35-a6da700e5cb9}\U\00000004.@ moved successfully.

C:\Windows\Installer\{e5fb27a8-7846-48e5-ed35-a6da700e5cb9}\U\000000cb.@ moved successfully.

C:\Users\Eric\AppData\Roaming\258491ec moved successfully.

C:\Users\Eric\AppData\Local\590fdc6a moved successfully.

C:\ProgramData\c2123497 moved successfully.

C:\Windows\Installer\{e5fb27a8-7846-48e5-ed35-a6da700e5cb9}\@ moved successfully.

C:\Users\Eric\AppData\Local\{e5fb27a8-7846-48e5-ed35-a6da700e5cb9}\@ moved successfully.

C:\Users\Eric\AppData\Roaming\DAEMON Tools Lite\IconsCache folder moved successfully.

C:\Users\Eric\AppData\Roaming\DAEMON Tools Lite folder moved successfully.

========== FILES ==========

C:\Users\Eric\AppData\Local\{e5fb27a8-7846-48e5-ed35-a6da700e5cb9}\U folder moved successfully.

C:\Users\Eric\AppData\Local\{e5fb27a8-7846-48e5-ed35-a6da700e5cb9}\L folder moved successfully.

C:\Users\Eric\AppData\Local\{e5fb27a8-7846-48e5-ed35-a6da700e5cb9} folder moved successfully.

C:\Windows\Installer\{e5fb27a8-7846-48e5-ed35-a6da700e5cb9}\U folder moved successfully.

C:\Windows\Installer\{e5fb27a8-7846-48e5-ed35-a6da700e5cb9}\L folder moved successfully.

Folder move failed. C:\Windows\Installer\{e5fb27a8-7846-48e5-ed35-a6da700e5cb9} scheduled to be moved on reboot.

File\Folder C:\Program Files (x86)\DAEMON Tools Toolbar not found.

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Eric\Downloads\cmd.bat deleted successfully.

C:\Users\Eric\Downloads\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Eric

->Temp folder emptied: 1811220 bytes

->Temporary Internet Files folder emptied: 5885807 bytes

->Java cache emptied: 8506075 bytes

->FireFox cache emptied: 355338534 bytes

->Flash cache emptied: 203890 bytes

User: Public

User: UpdatusUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 20114 bytes

%systemroot% .tmp files removed: 711240 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 10869440 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 366.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.55.0 log created on 07272012_150013

Files\Folders moved on Reboot...

C:\Windows\Installer\{e5fb27a8-7846-48e5-ed35-a6da700e5cb9}\U folder moved successfully.

C:\Windows\Installer\{e5fb27a8-7846-48e5-ed35-a6da700e5cb9} folder moved successfully.

C:\Users\Eric\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

C:\Users\Eric\AppData\Local\Temp\ppcrlui_2524_2 moved successfully.

PendingFileRenameOperations files...

File C:\Windows\Installer\{e5fb27a8-7846-48e5-ed35-a6da700e5cb9} not found!

File C:\Users\Eric\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

File C:\Users\Eric\AppData\Local\Temp\ppcrlui_2524_2 not found!

Registry entries deleted on Reboot...


Very good! :)

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


ComboFix 12-07-27.03 - Eric 07/27/2012 18:25:29.1.2 - x64

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.6143.4592 [GMT -7:00]

Running from: c:\users\Eric\Downloads\ComboFix.exe

AV: Kaspersky Internet Security *Disabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}

FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}

SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\Common Files\ASPG_icon.ico

c:\users\Eric\AppData\Roaming\Love

c:\users\Eric\AppData\Roaming\Love\mari0\options.txt

c:\users\Eric\AppData\Roaming\Microsoft\Windows\Recent\Readme.url

c:\windows\assembly\GAC_32\Desktop.ini

c:\windows\assembly\GAC_64\Desktop.ini

c:\windows\msvcr71.dll

c:\windows\SysWow64\office.exe

c:\windows\SysWow64\tempdir

c:\windows\SysWow64\tempdir\tinypdf.chm

c:\windows\SysWow64\tempdir\tinypdf.dll

c:\windows\SysWow64\tempdir\tinypdf1.dll

c:\windows\SysWow64\tempdir\tinypdf2.dll

.

c:\windows\system32\Services.exe . . . is infected!!

.

.

((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-28 )))))))))))))))))))))))))))))))

.

.

2012-07-28 01:38 . 2012-07-28 01:38 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-27 22:00 . 2012-07-27 22:00 -------- d-----w- C:\_OTL

2012-07-26 04:16 . 2012-07-26 04:16 -------- d-----w- c:\program files (x86)\Windows Movie Maker

2012-07-21 03:02 . 2012-03-08 18:47 108640 ----a-w- c:\windows\system32\AERTAR64.dll

2012-07-21 03:02 . 2012-03-08 18:47 202336 ----a-w- c:\windows\system32\AERTAC64.dll

2012-07-20 23:22 . 2005-11-14 06:19 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe

2012-07-20 06:31 . 2012-07-20 06:31 -------- d-----w- c:\users\Eric\AppData\Roaming\SUPERAntiSpyware.com

2012-07-20 06:30 . 2012-07-20 08:59 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-07-20 06:30 . 2012-07-20 06:30 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-07-20 06:29 . 2012-07-20 06:29 -------- d-----w- c:\program files\CCleaner

2012-07-20 05:53 . 2012-07-20 05:53 -------- d-----w- c:\program files\DIFX

2012-07-20 05:52 . 2009-07-22 17:34 16384 ----a-w- c:\windows\system32\drivers\EIO64.sys

2012-07-20 05:28 . 2010-02-12 20:19 3899784 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-07-20 05:28 . 2010-02-12 09:55 5485456 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-07-20 05:28 . 2010-02-12 20:19 3954064 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-07-20 04:40 . 2012-07-20 04:40 -------- d-----w- c:\users\Eric\AppData\Local\eSupport.com

2012-07-20 04:40 . 2012-07-20 04:40 21712 ----a-w- c:\windows\SysWow64\drivers\DrvAgent64.SYS

2012-07-19 00:12 . 2012-07-19 09:10 -------- d-----w- c:\users\UpdatusUser

2012-07-19 00:11 . 2012-07-19 00:12 -------- d-----w- c:\program files (x86)\NVIDIA Corporation

2012-07-19 00:11 . 2012-06-28 23:55 3266408 ----a-w- c:\windows\system32\nvsvc64.dll

2012-07-19 00:11 . 2012-06-28 23:55 6193000 ----a-w- c:\windows\system32\nvcpl.dll

2012-07-19 00:11 . 2012-06-28 23:55 2557800 ----a-w- c:\windows\system32\nvsvcr.dll

2012-07-19 00:11 . 2012-06-28 23:55 118120 ----a-w- c:\windows\system32\nvmctray.dll

2012-07-19 00:11 . 2012-06-28 23:55 891240 ----a-w- c:\windows\system32\nvvsvc.exe

2012-07-19 00:11 . 2012-06-28 23:55 63336 ----a-w- c:\windows\system32\nvshext.dll

2012-07-19 00:10 . 2012-06-29 03:37 60776 ----a-w- c:\windows\system32\OpenCL.dll

2012-07-19 00:10 . 2012-06-29 03:37 52584 ----a-w- c:\windows\SysWow64\OpenCL.dll

2012-07-19 00:10 . 2012-07-19 00:10 -------- d-----w- c:\programdata\NVIDIA Corporation

2012-06-29 00:44 . 2012-06-29 00:44 428904 ----a-w- c:\windows\SysWow64\nvStreaming.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-28 04:00 . 2011-05-13 07:58 45056 ----a-w- c:\windows\system32\acovcnt.exe

2012-07-26 21:59 . 2012-05-26 09:44 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-26 21:59 . 2012-05-26 09:44 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-07-20 05:53 . 2009-05-20 21:09 70656 ----a-w- c:\windows\system32\drivers\enecir.sys

2012-07-20 05:53 . 2009-04-23 00:27 1436920 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll

2012-07-03 20:46 . 2011-06-19 03:49 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-10 15:33 . 2012-06-10 15:33 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

2012-06-09 06:07 . 2012-06-09 06:07 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll

2012-05-26 01:54 . 2012-05-26 01:54 119296 ----a-w- c:\windows\SysWow64\zlib.dll

2012-05-26 01:06 . 2011-04-24 03:07 1706640 ----a-w- c:\windows\RtlExUpd.dll

2009-04-08 17:31 . 2009-04-08 17:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[7] 2009-07-14 . 24ACB7E5BE595468E3B9AA488B9B4FCB . 328704 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

[-] 2009-07-14 . 50BEA589F7D7958BDD2528A8F69D05CC . 329216 . . [6.1.7600.16385] .. c:\windows\system32\services.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]

@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"

[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]

2007-06-02 00:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 5661056]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304]

"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-03-04 8392704]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-04-07 159744]

"ADSMTray"="c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe" [2008-04-01 266240]

"DirectConsole2"="c:\program files (x86)\ASUS\Direct Console\Direct Console.exe" [2009-04-08 2861624]

"Turbo Gear Help"="c:\program files\ASUS\Turbo Gear\GearHelp.exe" [2008-10-01 1025536]

"Turbo Gear"="c:\program files\ASUS\Turbo Gear\TurboGear.exe" [2008-10-14 2987008]

"PowerForPhone"="c:\program files (x86)\P4P\P4P.exe" [2008-01-26 778240]

"ChkMail"="c:\program files\ChkMail\ChkMail\ChkMail.exe" [2007-07-14 741376]

"ACMON"="c:\program files (x86)\ASUS\Splendid\ACMON.exe" [2008-10-01 1126400]

"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2011-04-24 3054136]

"ASUS Camera ScreenSaver"="c:\windows\AsScrProlog.exe" [2011-04-24 47672]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 40368]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

c:\users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Trillian.lnk - c:\program files (x86)\Trillian\trillian.exe [2010-8-10 1380864]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-9-17 113664]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk /k:E *

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]

R2 Norton Internet Security;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [x]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-26 250056]

R3 appliand;Applian Network Service;c:\windows\system32\DRIVERS\appliand.sys [2011-06-26 33888]

R3 ASUSProcObsrv;ASUS Process Creation/Termination Observer;d:\i386\AsPrOb64.sys [x]

R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [2012-07-20 21712]

R3 ipswuio;ipswuio;c:\windows\system32\DRIVERS\ipswuio.sys [x]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-25 129976]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]

S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2009-04-02 16440]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-06-10 283200]

S1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [2009-07-22 16384]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]

S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-06-29 1258856]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-06-29 382312]

S2 WBVGAservice;WB VGA Service;c:\program files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe [2009-02-06 72248]

S3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [2011-06-26 33888]

S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2012-07-20 70656]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-28 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-26 21:59]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]

@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"

[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]

2007-06-01 23:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1216808]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SYSTEM32\blank.htm

IE: &Download with &DAP - c:\progra~2\DAP\dapextie.htm

IE: Download &all with DAP - c:\progra~2\DAP\dapextie2.htm

LSP: mswsock.dll

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

Name-Space Handler: HTTPS\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~2\DAP\dapie.dll

FF - ProfilePath - c:\users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\x276b486.default\

FF - prefs.js: browser.search.selectedEngine -

FF - prefs.js: browser.startup.homepage - about:home

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-Voobly - (no file)

AddRemove-Download Accelerator Plus - c:\progra~2\DAP\UNWISE.EXE

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Norton Internet Security]

"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe

c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe

c:\program files\ATKGFNEX\GFNEXSrv.exe

c:\program files\ASUS\NB Probe\SPM\spmgr.exe

c:\program files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\wbctlvga.exe

c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe

c:\program files\ASUS\Net4Switch\Net4Switch.exe

c:\program files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\wbctlvga.exe

c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe

c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe

c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe

.

**************************************************************************

.

Completion time: 2012-07-27 21:04:46 - machine was rebooted

ComboFix-quarantined-files.txt 2012-07-28 04:04

.

Pre-Run: 2,193,981,440 bytes free

Post-Run: 2,058,821,632 bytes free

.

- - End Of File - - 76D7F2F3C81EF1127D228B79C683F422


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

FCopy::
c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe | c:\windows\system32\services.exe

JavaClearCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

[image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

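The FCopy line in the script above restores services.exe from the WinSxS component store over the copy in System32, which is the standard repair for a services.exe that has been patched in place. After such a repair the check a practitioner wants is whether the live binary is now byte-identical to the component-store copy and whether it still carries a valid Microsoft signature. The PowerShell below is an added example and is not part of the original post or of ComboFix; the two paths are taken from the CFScript above, and the component-store directory name is specific to that build (6.1.7600.16385), so adjust it to the one present on the machine being checked. It uses the .NET hasher directly rather than Get-FileHash so that it also runs on the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example (not from the original thread): compare the live services.exe against the
# WinSxS component-store copy named in the CFScript, then report Authenticode status.
# Both paths are assumptions copied from the script above; the WinSxS directory name differs per build.
$live  = 'C:\Windows\System32\services.exe'
$store = 'C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe'

function Get-Sha256Hex {
    param([string]$Path)
    # Call the .NET hasher directly: Get-FileHash does not exist on PowerShell 2.0 (Windows 7 default).
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try     { ($sha.ComputeHash($fs) | ForEach-Object { $_.ToString('x2') }) -join '' }
    finally { $fs.Close(); $sha.Clear() }
}

foreach ($p in @($live, $store)) {
    if (-not (Test-Path -LiteralPath $p)) { throw "Missing file: $p" }
}

$liveHash  = Get-Sha256Hex $live
$storeHash = Get-Sha256Hex $store
$liveSize  = (Get-Item -LiteralPath $live).Length
$storeSize = (Get-Item -LiteralPath $store).Length

"live  : $liveSize bytes  sha256=$liveHash"
"store : $storeSize bytes  sha256=$storeHash"

if ($liveHash -eq $storeHash) {
    'OK: System32\services.exe is byte-identical to the component-store copy.'
} else {
    'MISMATCH: System32\services.exe differs from the component-store copy; treat it as patched until proven otherwise.'
}

# Authenticode status for both files. Windows 7 signs core OS binaries through security catalogs,
# so Get-AuthenticodeSignature can report NotSigned there even for a clean file; on Windows 8 and
# later the cmdlet consults the catalog as well. 'sfc /verifyonly' from an elevated prompt remains
# the authoritative integrity check on any version.
foreach ($p in @($live, $store)) {
    $sig = Get-AuthenticodeSignature -FilePath $p
    "{0}`n  status={1} signer={2}" -f $p, $sig.Status, $sig.SignerCertificate.Subject
}
```

Run it from an elevated prompt. A hash mismatch after the FCopy means the copy did not take, or something re-patched the file on the next boot; a NotSigned result on Windows 7 is not by itself evidence of tampering for the reason given in the comments, so read the hash comparison together with sfc /verifyonly rather than the signature line alone.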

ComboFix 12-07-30.03 - Eric 07/31/2012 4:29.2.2 - x64

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.6143.4355 [GMT -7:00]

Running from: c:\users\Eric\Downloads\ComboFix.exe

Command switches used :: c:\users\Eric\Desktop\CFScript.txt

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\assembly\GAC_32\Desktop.ini

c:\windows\assembly\GAC_64\Desktop.ini

.

.

--------------- FCopy ---------------

.

c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --> c:\windows\system32\services.exe

.

((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-31 )))))))))))))))))))))))))))))))

.

.

2012-07-31 11:58 . 2012-07-31 11:58 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-28 20:57 . 2012-07-28 20:57 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll

2012-07-28 20:57 . 2012-07-28 20:57 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll

2012-07-28 20:45 . 2011-11-28 21:51 33872 ----a-w- c:\windows\system32\drivers\anvsnddrv.sys

2012-07-28 20:44 . 2012-07-28 21:00 -------- d-----w- c:\program files (x86)\Any Video Converter Ultimate

2012-07-28 20:41 . 2012-07-28 20:59 -------- d-----w- c:\users\Eric\AppData\Roaming\AnvSoft

2012-07-28 04:58 . 2012-07-28 04:58 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-28 04:58 . 2012-07-28 04:58 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-07-27 22:00 . 2012-07-27 22:00 -------- d-----w- C:\_OTL

2012-07-26 04:16 . 2012-07-26 04:16 -------- d-----w- c:\program files (x86)\Windows Movie Maker

2012-07-21 03:02 . 2012-03-08 18:47 108640 ----a-w- c:\windows\system32\AERTAR64.dll

2012-07-21 03:02 . 2012-03-08 18:47 202336 ----a-w- c:\windows\system32\AERTAC64.dll

2012-07-20 23:22 . 2005-11-14 06:19 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe

2012-07-20 06:31 . 2012-07-20 06:31 -------- d-----w- c:\users\Eric\AppData\Roaming\SUPERAntiSpyware.com

2012-07-20 06:30 . 2012-07-20 08:59 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-07-20 06:30 . 2012-07-20 06:30 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-07-20 06:29 . 2012-07-20 06:29 -------- d-----w- c:\program files\CCleaner

2012-07-20 05:53 . 2012-07-20 05:53 -------- d-----w- c:\program files\DIFX

2012-07-20 05:52 . 2009-07-22 17:34 16384 ----a-w- c:\windows\system32\drivers\EIO64.sys

2012-07-20 05:28 . 2010-02-12 20:19 3899784 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-07-20 05:28 . 2010-02-12 09:55 5485456 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-07-20 05:28 . 2010-02-12 20:19 3954064 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-07-20 04:40 . 2012-07-20 04:40 -------- d-----w- c:\users\Eric\AppData\Local\eSupport.com

2012-07-20 04:40 . 2012-07-20 04:40 21712 ----a-w- c:\windows\SysWow64\drivers\DrvAgent64.SYS

2012-07-19 00:12 . 2012-07-31 01:31 -------- d-----w- c:\users\UpdatusUser

2012-07-19 00:11 . 2012-07-19 00:12 -------- d-----w- c:\program files (x86)\NVIDIA Corporation

2012-07-19 00:11 . 2012-06-28 23:55 3266408 ----a-w- c:\windows\system32\nvsvc64.dll

2012-07-19 00:11 . 2012-06-28 23:55 6193000 ----a-w- c:\windows\system32\nvcpl.dll

2012-07-19 00:11 . 2012-06-28 23:55 2557800 ----a-w- c:\windows\system32\nvsvcr.dll

2012-07-19 00:11 . 2012-06-28 23:55 118120 ----a-w- c:\windows\system32\nvmctray.dll

2012-07-19 00:11 . 2012-06-28 23:55 891240 ----a-w- c:\windows\system32\nvvsvc.exe

2012-07-19 00:11 . 2012-06-28 23:55 63336 ----a-w- c:\windows\system32\nvshext.dll

2012-07-19 00:10 . 2012-06-29 03:37 60776 ----a-w- c:\windows\system32\OpenCL.dll

2012-07-19 00:10 . 2012-06-29 03:37 52584 ----a-w- c:\windows\SysWow64\OpenCL.dll

2012-07-19 00:10 . 2012-07-19 00:10 -------- d-----w- c:\programdata\NVIDIA Corporation

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-31 12:02 . 2011-05-13 07:58 45056 ----a-w- c:\windows\system32\acovcnt.exe

2012-07-20 05:53 . 2009-05-20 21:09 70656 ----a-w- c:\windows\system32\drivers\enecir.sys

2012-07-20 05:53 . 2009-04-23 00:27 1436920 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll

2012-07-03 20:46 . 2011-06-19 03:49 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-29 00:44 . 2012-06-29 00:44 428904 ----a-w- c:\windows\SysWow64\nvStreaming.exe

2012-06-10 15:33 . 2012-06-10 15:33 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

2012-06-09 06:07 . 2012-06-09 06:07 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll

2012-05-26 01:54 . 2012-05-26 01:54 119296 ----a-w- c:\windows\SysWow64\zlib.dll

2012-05-26 01:06 . 2011-04-24 03:07 1706640 ----a-w- c:\windows\RtlExUpd.dll

2009-04-08 17:31 . 2009-04-08 17:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-07-28_04.01.42 )))))))))))))))))))))))))))))))))))))))))

.

- 2011-04-24 04:10 . 2012-07-28 03:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-04-24 04:10 . 2012-07-31 11:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-04-24 04:10 . 2012-07-31 11:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-04-24 04:10 . 2012-07-28 03:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2012-07-28 01:39 . 2012-07-28 01:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-07-31 11:59 . 2012-07-31 11:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-07-28 01:39 . 2012-07-28 01:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-07-31 11:59 . 2012-07-31 11:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-07-14 05:01 . 2012-07-28 01:38 241720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-07-31 11:58 241720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-04-24 04:15 . 2012-07-31 11:58 26770552 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2570550647-1158761815-1121215846-1000-12288.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]

@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"

[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]

2007-06-02 00:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 5661056]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304]

"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-03-04 8392704]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-04-07 159744]

"ADSMTray"="c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe" [2008-04-01 266240]

"DirectConsole2"="c:\program files (x86)\ASUS\Direct Console\Direct Console.exe" [2009-04-08 2861624]

"Turbo Gear Help"="c:\program files\ASUS\Turbo Gear\GearHelp.exe" [2008-10-01 1025536]

"Turbo Gear"="c:\program files\ASUS\Turbo Gear\TurboGear.exe" [2008-10-14 2987008]

"PowerForPhone"="c:\program files (x86)\P4P\P4P.exe" [2008-01-26 778240]

"ChkMail"="c:\program files\ChkMail\ChkMail\ChkMail.exe" [2007-07-14 741376]

"ACMON"="c:\program files (x86)\ASUS\Splendid\ACMON.exe" [2008-10-01 1126400]

"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2011-04-24 3054136]

"ASUS Camera ScreenSaver"="c:\windows\AsScrProlog.exe" [2011-04-24 47672]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 40368]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

c:\users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Trillian.lnk - c:\program files (x86)\Trillian\trillian.exe [2010-8-10 1380864]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-9-17 113664]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk /k:E *

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]

R2 Norton Internet Security;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [x]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-28 250056]

R3 appliand;Applian Network Service;c:\windows\system32\DRIVERS\appliand.sys [2011-06-26 33888]

R3 ASUSProcObsrv;ASUS Process Creation/Termination Observer;d:\i386\AsPrOb64.sys [x]

R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [2012-07-20 21712]

R3 ipswuio;ipswuio;c:\windows\system32\DRIVERS\ipswuio.sys [x]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-28 113120]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]

S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2009-04-02 16440]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-06-10 283200]

S1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [2009-07-22 16384]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]

S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-06-29 1258856]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-06-29 382312]

S2 WBVGAservice;WB VGA Service;c:\program files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe [2009-02-06 72248]

S3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys [2011-11-28 33872]

S3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [2011-06-26 33888]

S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2012-07-20 70656]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-31 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-28 04:58]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]

@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"

[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]

2007-06-01 23:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1216808]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SYSTEM32\blank.htm

IE: &Download with &DAP - c:\progra~2\DAP\dapextie.htm

IE: Download &all with DAP - c:\progra~2\DAP\dapextie2.htm

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

Name-Space Handler: HTTPS\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~2\DAP\dapie.dll

FF - ProfilePath - c:\users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\x276b486.default\

FF - prefs.js: browser.search.selectedEngine -

FF - prefs.js: browser.startup.homepage - about:home

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-Download Accelerator Plus - c:\progra~2\DAP\UNWISE.EXE

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Norton Internet Security]

"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe

c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe

c:\program files\ATKGFNEX\GFNEXSrv.exe

c:\program files\ASUS\NB Probe\SPM\spmgr.exe

c:\program files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\wbctlvga.exe

c:\program files\ASUS\Net4Switch\Net4Switch.exe

c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe

c:\program files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\wbctlvga.exe

c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe

c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe

c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe

.

**************************************************************************

.

Completion time: 2012-07-31 05:16:44 - machine was rebooted

ComboFix-quarantined-files.txt 2012-07-31 12:16

ComboFix2.txt 2012-07-28 04:04

.

Pre-Run: 1,599,905,792 bytes free

Post-Run: 1,536,286,720 bytes free

.

- - End Of File - - 7821DC0126F1A906ECB93EC077346AAA


Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=f91dc50d67aa5247abda10615adc8cd2

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2012-08-03 10:11:38

# local_time=2012-08-03 03:11:38 (-0800, Pacific Daylight Time)

# country="United States"

# lang=1033

# osver=6.1.7600 NT

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=5893 16776573 100 94 39425996 95508348 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=1105611

# found=14

# cleaned=13

# scan_time=23801

C:\Downloads\DAEMON Tools Pro Advanced 4.41.0314.0232 Incl Crack & Patch\Crack\crack\DAEMON Tools Pro Advanced v4410314-0232_Patch.exe a variant of Win32/Kryptik.BBT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Downloads\DAEMON Tools Pro Advanced v5.1.0.0333. FINAL + Key.waqrr\DAEMON Tools Pro Advanced v5.1.0.0333 + Key.waqrr\DAEMONToolsPro510-0333.exe Win32/OpenCandy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Windows\assembly\GAC_32\Desktop.ini.vir Win32/Sirefef.EZ trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Windows\assembly\GAC_64\Desktop.ini.vir Win64/Sirefef.AD trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Windows\System32\services.exe.vir Win64/Patched.A.Gen trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Users\Eric\Downloads\ArcadeWebSetup.exe a variant of Win32/Adware.Gamevance.CF application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Eric\Downloads\OrbitSetup4.1.02.exe Win32/OpenCandy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Eric\Downloads\backups\backup-20120516-095019-904-btcm.exe a variant of Win32/BitCoinMiner application (deleted - quarantined) 00000000000000000000000000000000 C

C:\_OTL\MovedFiles\07272012_150013\C_Users\Eric\AppData\Local\{e5fb27a8-7846-48e5-ed35-a6da700e5cb9}\n Win64/Sirefef.W trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\_OTL\MovedFiles\07272012_150013\C_Windows\Installer\{e5fb27a8-7846-48e5-ed35-a6da700e5cb9}\U\00000008.@ Win64/Agent.BA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\_OTL\MovedFiles\07272012_150013\C_Windows\Installer\{e5fb27a8-7846-48e5-ed35-a6da700e5cb9}\U\000000cb.@ Win64/Conedex.B trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\_OTL\MovedFiles\07272012_150013\C_Windows\Installer\{e5fb27a8-7846-48e5-ed35-a6da700e5cb9}\U\80000000.@ Win64/Sirefef.AP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\_OTL\MovedFiles\07272012_150013\C_Windows\Installer\{e5fb27a8-7846-48e5-ed35-a6da700e5cb9}\U\80000032.@ a variant of Win32/Sirefef.FD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

E:\Black Jesus\Downloads\AVG Antivirus+Firewall & Anti-Spyware [AVG Internet Security]\SSG keygen.exe a variant of Win32/Keygen.AQ application (unable to clean) 00000000000000000000000000000000 I


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
