Ratigun

join:2004-07-19

[Virus] I have twunk_32 server + misc.

Ok, I was looking up the Samsung Push Service for my Note2, and this site galaxytabforum had something bad or I had a vulnerability. Java popups about installing different things came up. Then, when I shut down my PC it was taking quite a long time, so I hit the power switch on the back of the PSU. When I rebooted, I found MSE had been eradicated and twunk_32.exe was downloading and uploading like crazy. Also, I can't download anything from IE and I ended up having to DL FF from another PC.

So that's the gist of it. Here are the logs in order:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.13.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
GunstarPrime :: GUNSTARPRIME-PC [administrator]

5/13/2013 12:13:47 AM
mbam-log-2013-05-13 (00-13-47).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 457879
Time elapsed: 47 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
--------------------------------------------------

# AdwCleaner v2.300 - Logfile created 05/12/2013 at 22:18:30
# Updated 28/04/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : GunstarPrime - GUNSTARPRIME-PC
# Boot Mode : Normal
# Running from : C:\Users\GunstarPrime\Downloads\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Users\GunstarPrime\AppData\Roaming\Mozilla\Firefox\Profiles\a5psrp7e.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [935 octets] - [12/05/2013 22:18:30]

########## EOF - C:\AdwCleaner[R1].txt - [994 octets] ##########
----------------------------------------------------------------

OTL logfile created on: 5/12/2013 10:21:39 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\GunstarPrime\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.64 Gb Available Physical Memory | 82.96% Memory free
8.00 Gb Paging File | 6.41 Gb Available in Paging File | 80.20% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.09 Gb Total Space | 153.62 Gb Free Space | 51.53% Space Free | Partition Type: NTFS

Computer Name: GUNSTARPRIME-PC | User Name: GunstarPrime | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2013/05/12 22:21:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\GunstarPrime\Downloads\OTL.exe
PRC - [2012/12/18 12:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/05/05 20:56:42 | 000,025,600 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe
PRC - [2010/05/05 20:51:56 | 001,212,928 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe
PRC - [2009/07/13 18:14:42 | 000,031,232 | ---- | M] (Twain Working Group) -- C:\Windows\twunk_32.exe
PRC - [2009/02/23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2010/05/05 20:56:46 | 000,002,560 | ---- | M] () -- C:\Windows\SysWOW64\CtxfiRes.dll
MOD - [2009/03/26 15:46:42 | 000,148,480 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL

[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:64bit: - [2013/01/27 12:34:32 | 000,379,360 | ---- | M] () [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 12:34:32 | 000,022,056 | ---- | M] () [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012/12/19 16:32:12 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012/12/19 12:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/05/29 11:46:46 | 000,035,680 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/02 19:00:10 | 000,938,776 | ---- | M] (BitRaider, LLC) [On_Demand | Stopped] -- C:\ProgramData\BitRaider\BRSptSvc.exe -- (BRSptSvc)
SRV - [2013/04/13 21:29:11 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/09 23:58:17 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/18 14:23:28 | 000,541,608 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/12/18 12:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/25 19:58:26 | 000,126,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe -- (Te.Service)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/29 11:46:48 | 002,143,072 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012/05/29 11:46:46 | 000,029,024 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2012/01/09 00:25:32 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2011/11/25 17:32:36 | 000,687,400 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:64bit: - [2013/01/20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/12/19 13:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/12/19 12:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/11/06 04:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/11/02 16:38:36 | 000,050,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 07:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/04/09 10:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV:64bit: - [2012/04/09 10:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2012/04/09 10:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.0)
DRV:64bit: - [2012/03/27 07:48:00 | 000,398,112 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/10/29 00:33:13 | 000,053,312 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pssdk42.sys -- (PSSDK42)
DRV:64bit: - [2010/05/05 22:30:52 | 001,561,688 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2010/05/05 22:30:42 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010/05/05 22:30:34 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010/05/05 22:30:26 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010/05/05 22:30:18 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010/05/05 22:30:10 | 000,684,376 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k)
DRV:64bit: - [2010/05/05 22:30:02 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010/05/05 22:29:52 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2010/05/05 22:29:52 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2010/05/05 22:29:42 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2010/05/05 22:29:42 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2010/05/05 22:29:34 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2010/05/05 22:29:34 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2010/02/18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/01/21 02:03:10 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2010/01/21 02:03:08 | 000,033,280 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2010/01/21 02:03:06 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2009/11/18 16:30:56 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:09:02 | 000,120,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\irda.sys -- (irda)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/01/19 06:36:12 | 000,027,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\irsir.sys -- (irsir)
DRV:64bit: - [2007/09/29 01:04:58 | 000,046,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\JmtFltr.sys -- (JmtFltr)
DRV:64bit: - [2006/11/07 08:30:56 | 000,016,656 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2013/05/02 19:40:48 | 000,074,024 | ---- | M] (BitRaider) [File_System | On_Demand | Stopped] -- C:\ProgramData\BitRaider\BRDriver64.sys -- (BRDriver64)
DRV - [2011/12/12 20:31:38 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7A 8D 01 56 49 4F CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\GunstarPrime\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/05/12 22:14:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/05/12 22:14:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GunstarPrime\AppData\Roaming\Mozilla\Extensions
[2013/05/12 22:14:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/04/09 23:58:33 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/04/09 23:57:54 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/04/09 23:57:54 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2013/05/12 10:46:42 | 000,446,982 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15375 more lines...
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: fceebfaadabcbad = C:\Users\GunstarPrime\AppData\Roaming\75fc973e-1eb9-496f-a967-93ad3a56bc6bad\fceebfaadabcbad.exe ()
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab (Reg Error: Key error.)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_client_4.4.26.0.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab (Reg Error: Key error.)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab (IGDTester Class)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (Reg Error: Key error.)
O16 - DPF: {BAD4FE2C-503B-45CC-88CD-4B0574057D11} http://clients.futuremark.com/calico/systeminfodeploy/FMSI_v460.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} http://clients.futuremark.com/openapi/receivers/FMSI.cab (Reg Error: Key error.)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/popcaploader_v10.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6C2471BB-9102-4FAF-935E-2379D59DA0D8}: NameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\mousekeyboardcenter.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\mousekeyboardcenter.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2013/05/12 22:17:18 | 000,000,000 | ---D | C] -- C:\Users\GunstarPrime\AppData\Local\Macromedia
[2013/05/12 22:14:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/05/12 22:14:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/05/12 22:14:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/05/12 22:14:01 | 021,036,128 | ---- | C] (Mozilla) -- C:\Users\GunstarPrime\Desktop\Firefox Setup 20.0.1.exe
[2013/05/12 12:52:16 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/05/12 12:52:16 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/05/12 12:52:15 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/05/12 12:52:15 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/05/12 12:52:15 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/05/12 12:52:15 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/05/12 12:52:15 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/05/12 12:52:15 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/05/12 12:52:15 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/05/12 12:52:15 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/05/12 12:52:15 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/05/12 12:52:14 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/05/12 12:52:13 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/05/12 12:52:13 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/05/12 12:52:12 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/05/12 12:51:22 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/05/12 12:51:21 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/05/12 12:51:21 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/05/12 12:51:20 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013/05/12 12:51:20 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013/05/12 12:51:20 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013/05/12 12:42:14 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2013/05/12 00:20:10 | 000,000,000 | ---D | C] -- C:\Users\GunstarPrime\AppData\Roaming\75fc973e-1eb9-496f-a967-93ad3a56bc6bad
[2013/05/02 19:40:52 | 000,000,000 | ---D | C] -- C:\Users\GunstarPrime\AppData\Roaming\Awesomium
[2013/05/02 19:37:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Marvel Heroes Beta
[2013/05/02 19:01:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2013/05/02 19:01:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013/05/02 19:00:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secret Identity Studios
[2013/05/02 19:00:12 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\BitRaider
[2013/05/02 19:00:10 | 000,000,000 | ---D | C] -- C:\ProgramData\BitRaider
[2013/04/26 19:06:23 | 000,000,000 | ---D | C] -- C:\Users\GunstarPrime\Documents\My Cheat Tables
[2013/04/19 00:42:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013/04/19 00:42:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2013/05/12 22:19:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/12 22:19:16 | 000,061,448 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000003-00000000-00000007-00001102-00000005-00311102}.rfx
[2013/05/12 22:19:16 | 000,061,448 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000003-00000000-00000007-00001102-00000005-00311102}.rfx
[2013/05/12 22:19:16 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000003-00000000-00000007-00001102-00000005-00311102}.rfx
[2013/05/12 22:15:24 | 000,792,182 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/05/12 22:15:24 | 000,668,836 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/05/12 22:15:24 | 000,125,022 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/05/12 22:14:20 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/05/12 22:11:37 | 021,036,128 | ---- | M] (Mozilla) -- C:\Users\GunstarPrime\Desktop\Firefox Setup 20.0.1.exe
[2013/05/12 22:07:17 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/12 22:07:17 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/12 22:04:14 | 000,007,682 | ---- | M] () -- C:\Users\GunstarPrime\AppData\Local\Resmon.ResmonCfg
[2013/05/12 20:56:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/12 12:56:23 | 000,402,392 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/05/12 10:46:42 | 000,446,982 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/05/12 00:20:04 | 000,000,000 | ---- | M] () -- C:\Users\GunstarPrime\jucheck.exe
[2013/05/02 19:37:34 | 000,001,901 | ---- | M] () -- C:\Users\Public\Desktop\Marvel Heroes Beta.lnk
[2013/04/25 07:25:21 | 000,446,490 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130512-104642.backup
[2013/04/21 04:06:38 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/14 11:12:11 | 000,445,879 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130425-072521.backup
[2013/04/13 21:29:10 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/04/13 21:29:10 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2013/05/12 22:14:20 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/05/12 22:14:20 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/05/12 00:20:04 | 000,000,000 | ---- | C] () -- C:\Users\GunstarPrime\jucheck.exe
[2013/05/02 19:02:04 | 000,001,901 | ---- | C] () -- C:\Users\Public\Desktop\Marvel Heroes Beta.lnk
[2013/04/19 00:43:07 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/01/07 02:21:18 | 000,000,000 | ---- | C] () -- C:\Users\GunstarPrime\cd
[2012/09/02 23:07:21 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2012/05/02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/04/10 09:48:46 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2012/02/14 19:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/02/14 19:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/01/10 00:22:16 | 000,007,682 | ---- | C] () -- C:\Users\GunstarPrime\AppData\Local\Resmon.ResmonCfg
[2012/01/09 00:16:59 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012/01/09 00:16:59 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/12 15:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/08/21 14:49:16 | 000,785,906 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/21 14:47:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2013/05/12 00:20:10 | 000,002,048 | -HS- | M] () -- C:\$Recycle.bin\S-1-5-18\$b11247e0f0052f701dade48ff4fc9b06\@
[2013/05/12 00:20:10 | 000,000,000 | -HSD | M] -- C:\$Recycle.bin\S-1-5-18\$b11247e0f0052f701dade48ff4fc9b06\L
[2013/05/12 00:20:10 | 000,000,000 | -HSD | M] -- C:\$Recycle.bin\S-1-5-18\$b11247e0f0052f701dade48ff4fc9b06\U
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== LOP Check ==========[/color]

[2012/09/27 20:56:04 | 000,000,000 | ---D | M] -- C:\Users\GunstarPrime\AppData\Roaming\.minecraft
[2012/09/07 01:04:55 | 000,000,000 | ---D | M] -- C:\Users\GunstarPrime\AppData\Roaming\.techniclauncher
[2013/05/12 00:20:10 | 000,000,000 | ---D | M] -- C:\Users\GunstarPrime\AppData\Roaming\75fc973e-1eb9-496f-a967-93ad3a56bc6bad
[2013/05/04 02:54:38 | 000,000,000 | ---D | M] -- C:\Users\GunstarPrime\AppData\Roaming\Awesomium
[2012/01/30 04:33:13 | 000,000,000 | ---D | M] -- C:\Users\GunstarPrime\AppData\Roaming\BigHugeEngine
[2011/08/21 15:04:06 | 000,000,000 | ---D | M] -- C:\Users\GunstarPrime\AppData\Roaming\DarksporeData
[2012/09/21 12:37:22 | 000,000,000 | ---D | M] -- C:\Users\GunstarPrime\AppData\Roaming\Day 1 Studios
[2012/01/04 17:34:57 | 000,000,000 | ---D | M] -- C:\Users\GunstarPrime\AppData\Roaming\Digiarty
[2012/10/05 22:58:47 | 000,000,000 | ---D | M] -- C:\Users\GunstarPrime\AppData\Roaming\Fatshark
[2011/08/23 05:01:19 | 000,000,000 | ---D | M] -- C:\Users\GunstarPrime\AppData\Roaming\Helios
[2013/01/25 14:35:22 | 000,000,000 | ---D | M] -- C:\Users\GunstarPrime\AppData\Roaming\Leadertech
[2011/08/21 15:04:07 | 000,000,000 | ---D | M] -- C:\Users\GunstarPrime\AppData\Roaming\NetMeter
[2011/12/27 19:44:26 | 000,000,000 | ---D | M] -- C:\Users\GunstarPrime\AppData\Roaming\Origin
[2012/01/04 03:35:24 | 000,000,000 | ---D | M] -- C:\Users\GunstarPrime\AppData\Roaming\Publish Providers
[2012/04/09 17:12:28 | 000,000,000 | ---D | M] -- C:\Users\GunstarPrime\AppData\Roaming\QuickScan
[2011/08/21 15:04:08 | 000,000,000 | ---D | M] -- C:\Users\GunstarPrime\AppData\Roaming\runic games
[2012/01/14 23:21:12 | 000,000,000 | ---D | M] -- C:\Users\GunstarPrime\AppData\Roaming\TuneUp Software
[2011/09/23 18:54:40 | 000,000,000 | ---D | M] -- C:\Users\GunstarPrime\AppData\Roaming\Windows Live Writer

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 128 bytes -> C:\Windows\SysWow64\zlib.dll:SummaryInformation
@Alternate Data Stream - 128 bytes -> C:\Windows\SysWow64\zlib.dll:DocumentSummaryInformation

--------------------------------------------------------------
--
He's the only one that stands between Sho' and total supremacy.


Ratigun

OTL Extras logfile created on: 5/12/2013 10:21:39 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\GunstarPrime\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.64 Gb Available Physical Memory | 82.96% Memory free
8.00 Gb Paging File | 6.41 Gb Available in Paging File | 80.20% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.09 Gb Total Space | 153.62 Gb Free Space | 51.53% Space Free | Partition Type: NTFS

Computer Name: GUNSTARPRIME-PC | User Name: GunstarPrime | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

[color=#E56717]========== Security Center Settings ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[color=#E56717]========== Firewall Settings ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417000FF}" = Java(TM) 7 (64-bit)
"{3145731D-C578-70ED-899F-7A670D2A6662}" = AMD Fuel
"{44610EE0-C908-D8F1-425D-914A5B745DEA}" = AMD Drag and Drop Transcoding
"{45CFCE21-2023-4D14-B76A-7AE1F92DF4D8}" = .NET Utilities
"{4975DE61-6BF6-B9BC-1FDE-C04C5EC78E4C}" = AMD Media Foundation Decoders
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5E03A267-415E-5383-FA8F-3CE4145663B9}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7AB6F8D7-7804-4662-BE8C-1AFCCD602D9F}" = Microsoft Mouse and Keyboard Center
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89EE4A30-080F-2C95-6F78-C98D18FBD74D}" = AMD Accelerated Video Transcoding
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9CF11D16-ECEB-90A5-A028-CA9E068D848B}" = ccc-utility64
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"Microsoft Security Client" = Microsoft Security Essentials
"Speccy" = Speccy

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{011E92F1-AF76-4983-8707-79F8F1956439}" = Nero Prerequisite Installer 1.0
"{017F8447-2A1D-0DDB-B5D7-CA2BFACE2886}" = CCC Help French
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{054E9A1C-3EA2-C657-E787-FD8DCF5C3D3B}" = CCC Help Czech
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D7A4289-99CF-4B8D-B812-86BE50A54552}" = Nero Video 11
"{1002A380-2026-11E1-A67B-F04DA23A5C58}" = MSVCRT Redists
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{1DE2BD51-0300-772D-5E18-F337D95D5687}" = CCC Help German
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{224E8FEB-5C1F-077F-6FC5-602AC1AE644D}" = CCC Help Danish
"{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs
"{2436A979-497D-47C4-B448-D0625035F77E}" = Nero Video 11
"{25A1E6A4-2DBD-4AC0-8650-8EA9A45B183D}" = Supreme Commander
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 24
"{26A24AE4-039D-4CA4-87B4-2F83217000FF}" = Java(TM) 7
"{275E9C49-C72F-D754-DEB7-77F10A9C00D8}" = CCC Help Japanese
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2CA7225D-CB12-462A-9DD1-50319E158BA5}" = Nero 11 PiP Effects Basic
"{30049739-BE95-6591-B504-E6D7057D49CC}" = CCC Help Spanish
"{31D95937-B237-405D-920C-A3EF4E482395}" = Supreme Commander - Forged Alliance
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3F1EB155-F96E-EB7B-2EF2-7375490E0FA9}" = CCC Help English
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B023D7B-9E67-795D-FB31-B5E1F6DCA451}" = CCC Help Italian
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{55F6C486-8C75-2A72-DAFE-CE78A624C9F7}" = CCC Help Russian
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic
"{5AF23993-7152-1620-E43F-1B4542FB4F84}" = CCC Help Thai
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5E98FDD6-3672-4DBE-AB8B-2C9A0BED1382}" = Nero 11 Disc Menus 3
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63326924-3CAF-C858-3A8F-8598C87019D7}" = AMD VISION Engine Control Center
"{63822E89-11AA-F8EC-D433-F72A85799EC0}" = CCC Help Greek
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66361420-4905-AEB8-17AE-172FDD164A7E}" = CCC Help Polish
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3}" = Catalyst Control Center InstallProxy
"{7DF2B5EE-2C16-4E86-9C71-8678068AD805}" = Nero 11 Disc Menus 2
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8773DD1C-5FB2-95B5-5A93-0EFEAC900A4D}" = CCC Help Norwegian
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8CCBB0BF-9CC1-1A65-BB93-56012A460EE6}" = CCC Help Portuguese
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B430D9F-FFDF-4400-AF49-34DC412EFD0C}" = Path of Exile
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0A3CE05-96CB-52E9-434E-074F3BB7807E}" = CCC Help Turkish
"{A0F34849-D9AB-46DD-B1BE-BB0DB60B1FE8}" = Nero 11 Disc Menus 1
"{A2CDC001-F8B3-4C64-9E74-2E3FA0FAC9D9}" = Nero 11 Video Samples
"{A4F6BE36-4826-45BA-A396-04F265A3B61D}" = Nero 11 Kwik Themes 2
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{A95A76C9-6F65-477E-83A0-9F884B6DC21B}" = TuneUp Utilities Language Pack (en-US)
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9C64319-932F-D02B-B14C-FFFC3EC49E77}" = CCC Help Chinese Standard
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
"{B160A672-F326-4414-9BB0-A056C61B357C}" = Nero 11 Cliparts
"{B1F69AF3-B5B5-4CA5-ADC5-8A738EB6E574}" = Nero 11 Kwik Themes 1
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5
"{B93EEE50-9C8F-45DF-95E4-3D85A6E242F3}" = DarksidersInstaller
"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
"{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{C09DB932-7619-7B56-30E3-C0454811D6D7}" = CCC Help Korean
"{C194D333-B84A-4BB7-B35E-060732D98DC4}" = GPGNet
"{C22A4697-BD77-ACB1-744F-1FD0A0BFF798}" = CCC Help Swedish
"{C2FBB88A-65AA-6751-25EC-6A9046FA5F3B}" = Windows Driver Kit
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4B457B2-260F-C561-CA87-703BD3B724CA}" = Catalyst Control Center Graphics Previews Common
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{D6CDB506-297D-AE70-0EF6-DE5185F961BE}" = CCC Help Chinese Traditional
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E14DDED2-919B-FCCB-84AC-5ABB6D182D46}" = Kits Configuration Installer
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic
"{ECFD508E-68A2-91B2-46DD-1D03D783D94B}" = Catalyst Control Center Localization All
"{EDE361D5-35A5-DA7D-3462-C3DABD24029B}" = CCC Help Hungarian
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F1E7DD6A-AE2D-D706-BEB3-937F76CA6AE9}" = CCC Help Finnish
"{F3743A2C-5D5F-4456-8F98-5DF36A954C50}" = Nero 11 Image Samples
"{F38556C1-486C-C07B-4655-2F1BCF18C68A}" = Catalyst Control Center InstallProxy
"{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic
"{F56F54DD-BCB2-1221-2CB7-E983A5CF9D15}" = CCC Help Dutch
"{f65530f7-1696-4fcd-8876-37cdcacdbd4c}" = Windows Driver Kit
"{F8511A0F-D91D-4E3D-A59C-3CA8FB8EAFE8}" = MechWarrior Online
"{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM)
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AudioCS" = Creative Audio Control Panel
"BitRaider Web Client" = BitRaider Web Client
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"Diablo II" = Diablo II
"Diablo III" = Diablo III
"ESET Online Scanner" = ESET Online Scanner v3
"FileASSASSIN" = FileASSASSIN
"Fraps" = Fraps (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"marvelheroesbeta" = Marvel Heroes
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mozilla Firefox 20.0.1 (x86 en-US)" = Mozilla Firefox 20.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OpenAL" = OpenAL
"Steam App 113200" = The Binding of Isaac
"Steam App 200710" = Torchlight II
"Steam App 24780" = SimCity 4 Deluxe
"Steam App 40100" = Supreme Commander 2
"Steam App 42160" = War of the Roses
"Steam App 50620" = Darksiders
"Steam App 50650" = Darksiders II
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 97000" = Solar 2
"Steam App 98600" = Demolition, Inc.
"TechPowerUp GPU-Z" = TechPowerUp GPU-Z
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"Warcraft III" = Warcraft III
"WinLiveSuite" = Windows Live Essentials

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{74d11f91-05cc-44f6-8e49-94fe7f33c79b}" = MechWarrior Online

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 4/29/2013 3:43:52 PM | Computer Name = GunstarPrime-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 5/1/2013 5:21:49 PM | Computer Name = GunstarPrime-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 5/1/2013 6:43:11 PM | Computer Name = GunstarPrime-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 5/1/2013 6:43:16 PM | Computer Name = GunstarPrime-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 5/8/2013 3:45:14 AM | Computer Name = GunstarPrime-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 5/8/2013 3:46:13 AM | Computer Name = GunstarPrime-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 5/10/2013 12:58:35 AM | Computer Name = GunstarPrime-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 5/10/2013 12:59:36 AM | Computer Name = GunstarPrime-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 5/12/2013 3:19:57 AM | Computer Name = GunstarPrime-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 0.0.0.0, time stamp:
0x2a425e19 Faulting module name: kernel32.dll, version: 6.1.7601.18015, time stamp:
0x50b83c89 Exception code: 0xc0000005 Fault offset: 0x00037fbe Faulting process id:
0x8a8 Faulting application start time: 0x01ce4ee11ae8a7fc Faulting application path:
C:\Users\GunstarPrime\iexplore.exe Faulting module path: C:\Windows\syswow64\kernel32.dll
Report
Id: 595ac512-bad4-11e2-a493-000129a48eab

Error - 5/12/2013 5:33:33 PM | Computer Name = GunstarPrime-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 5/12/2013 5:33:58 PM | Computer Name = GunstarPrime-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

[ System Events ]
Error - 5/13/2013 12:59:46 AM | Computer Name = GunstarPrime-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 5/13/2013 12:59:55 AM | Computer Name = GunstarPrime-PC | Source = Service Control Manager | ID = 7000
Description = The Microsoft Antimalware Service service failed to start due to the
following error: %%5

Error - 5/13/2013 1:00:01 AM | Computer Name = GunstarPrime-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1058

Error - 5/13/2013 1:00:01 AM | Computer Name = GunstarPrime-PC | Source = Service Control Manager | ID = 7000
Description = The AODDriver4.2 service failed to start due to the following error:
%%2

Error - 5/13/2013 1:16:13 AM | Computer Name = GunstarPrime-PC | Source = Service Control Manager | ID = 7034
Description = The Creative Audio Service service terminated unexpectedly. It has
done this 1 time(s).

Error - 5/13/2013 1:19:45 AM | Computer Name = GunstarPrime-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 5/13/2013 1:19:54 AM | Computer Name = GunstarPrime-PC | Source = Service Control Manager | ID = 7000
Description = The Microsoft Antimalware Service service failed to start due to the
following error: %%5

Error - 5/13/2013 1:20:00 AM | Computer Name = GunstarPrime-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1058

Error - 5/13/2013 1:20:01 AM | Computer Name = GunstarPrime-PC | Source = Service Control Manager | ID = 7000
Description = The AODDriver4.2 service failed to start due to the following error:
%%2

Error - 5/13/2013 1:20:04 AM | Computer Name = GunstarPrime-PC | Source = Service Control Manager | ID = 7000
Description = The AODDriver4.2 service failed to start due to the following error:
%%2

--------------------------------------------------------------


Ratigun
I like video games

join:2004-07-19
AMD ATI
reply to Ratigun

Results of screen317's Security Check version 0.99.63
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
[u]``````````````Antivirus/Firewall Check:``````````````[/u]
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
[u]`````````Anti-malware/Other Utilities Check:`````````[/u]
MVPS Hosts File
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.75.0.1300
TuneUp Utilities 2012
TuneUp Utilities Language Pack (en-US)
Java(TM) 6 Update 24
Java(TM) 7
Java version out of Date!
Adobe Flash Player 11.6.602.180
Adobe Reader XI
Mozilla Firefox (20.0.1)
[u]````````Process Check: objlist.exe by Laurent````````[/u]
[u]`````````````````System Health check`````````````````[/u]
Total Fragmentation on Drive C: 0%
[u]````````````````````End of Log``````````````````````[/u]
--------------------------------------------------------------

QuickScan 32-bit v0.9.9.119
---------------------------
Scan date: Mon May 13 01:08:35 2013
Machine ID: D2894BA1

No infection found.
-------------------

Processes
---------
Adobe Acrobat Update Service 1484 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
Firefox 2184 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Firefox 3880 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
(verified) Creative Audio Product 2724 C:\Windows\SysWOW64\CTxfispi.exe

Network activity
----------------
Process firefox.exe (2184) connected on port 80 (HTTP) --> 37.59.67.149
Process firefox.exe (2184) connected on port 80 (HTTP) --> 37.59.67.149
Process firefox.exe (2184) connected on port 80 (HTTP) --> 2.19.143.139
Process firefox.exe (2184) connected on port 80 (HTTP) --> 37.59.67.149
Process firefox.exe (2184) connected on port 80 (HTTP) --> 72.21.81.253
Process firefox.exe (2184) connected on port 80 (HTTP) --> 173.194.33.13
Process firefox.exe (2184) connected on port 80 (HTTP) --> 66.235.142.20
Process firefox.exe (2184) connected on port 80 (HTTP) --> 64.94.107.50
Process firefox.exe (2184) connected on port 80 (HTTP) --> 173.194.33.39
Process firefox.exe (2184) connected on port 80 (HTTP) --> 173.194.33.39
Process firefox.exe (2184) connected on port 80 (HTTP) --> 64.94.107.64
Process firefox.exe (2184) connected on port 80 (HTTP) --> 173.194.33.57
Process firefox.exe (2184) connected on port 80 (HTTP) --> 173.194.33.57
Process firefox.exe (2184) connected on port 80 (HTTP) --> 74.125.129.104
Process firefox.exe (2184) connected on port 80 (HTTP) --> 66.235.142.20

Autoruns and critical files
---------------------------
Adobe Reader and Acrobat Manager C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Adobe® Flash® Player Update Service C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Catalyst® Control Center C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
fceebfaadabcbad.exe C:\Users\GunstarPrime\AppData\Roaming\75fc973e-1eb9-496f-a967-93ad3a56bc6bad\fceebfaadabcbad.exe
Microsoft Mouse and Keyboard Center c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
Microsoft Mouse and Keyboard Center c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
Windows® Internet Explorer c:\windows\syswow64\webcheck.dll
(verified) CTXfiHlp Application C:\Windows\system32\CTXFIHLP.EXE
(verified) Microsoft® Windows® Operating System C:\Windows\system32\scrnsave.scr
(verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe

Browser plugins
---------------
AcroIEHelperShim Library c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll
Adobe Acrobat C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
Bitdefender QuickScan C:\Users\GunstarPrime\AppData\Roaming\Mozilla\Firefox\Profiles\a5psrp7e.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
CTPID ActiveX Control Module C:\Windows\Downloaded Program Files\CTPIDPDE.ocx
IGDToolx C:\Windows\Downloaded Program Files\igdtoolx.dll
Java(TM) Platform SE 7 c:\program files (x86)\java\jre7\bin\jp2ssv.dll
Microsoft® CoReXT c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll
Microsoft® CoReXT C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
Microsoft® CoReXT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
Microsoft® Windows® Operating System C:\Windows\system32\NLAapi.dll
NPSWF32_11_6_602_180.dll C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
Shockwave for Director C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
Silverlight Plug-In c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
Windows® Internet Explorer c:\windows\syswow64\ieframe.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\mswsock.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\napinsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\pnrpnsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll
(verified) Nero Kwik Media Helper C:\Program Files (x86)\Common Files\Nero\BrowserPlugin\npBrowserPlugin.dll

Scan
----
MD5: b1bb8edc9d83d8096ee873f04cee600c C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
MD5: 4cb7cee3f7540b0bedbd158d75f06509 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
MD5: f9616d202b0124d373d2d82a4aa66b1d c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll
MD5: 3cb07566302bceeb898de270a0bec175 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
MD5: 3927397ac60d943daf8808affed582b7 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
MD5: c0ead9f8ab83d41ff07303c75589c2b8 C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
MD5: cf39a105cd553eed31e2255aff4c6742 c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll
MD5: 12b79422a23814429cda9e734c58f78f C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
MD5: 9a5c9cab7d90d93d23047ba38ba5d3f0 C:\Program Files (x86)\Common Files\Steam\SteamService.exe
MD5: 1dda8c123f1ed811d32aeddbc69bd740 c:\program files (x86)\java\jre7\bin\jp2ssv.dll
MD5: a5c14075b571af1c9592595be724d9d2 c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
MD5: 51fa7cb7c76e56d478768f64a1aef24b C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
MD5: 6f5386a655598f71baab2d6b63a69d6a C:\Program Files (x86)\Mozilla Firefox\firefox.exe
MD5: 81c39b4b7fc14493958860ac06057ad9 C:\Program Files (x86)\Mozilla Firefox\freebl3.dll
MD5: 03c0475b64a49a531a1fca445efaf714 C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
MD5: 30f13cc50b40ac23a25861bdb8fdede9 C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll
MD5: e0fd85dadd7ef3e892ecbb0dc4d68e0a C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
MD5: 5957aa52e13272e041e009f9176cf702 C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MD5: eb03052f8d4343cfa74bdaa0fc9781b1 C:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll
MD5: 03e9314004f504a14a61c3d364b62f66 C:\Program Files (x86)\Mozilla Firefox\MSVCP100.dll
MD5: 67ec459e42d3081dd8fd34356f7cafc1 C:\Program Files (x86)\Mozilla Firefox\MSVCR100.dll
MD5: 4f94dc9d7156df622fb1aefec85b0f85 C:\Program Files (x86)\Mozilla Firefox\nspr4.dll
MD5: 37cf212ae1ae34852c08950868c99451 C:\Program Files (x86)\Mozilla Firefox\nss3.dll
MD5: dde3a1d8d9a0ae1999cad3ec6f0ed1f3 C:\Program Files (x86)\Mozilla Firefox\nssckbi.dll
MD5: e714f5ab9d7c81e56ae3d99b61267d9a C:\Program Files (x86)\Mozilla Firefox\nssdbm3.dll
MD5: e64ef4732dc96115afd6902739fedea9 C:\Program Files (x86)\Mozilla Firefox\nssutil3.dll
MD5: ac1782cdbaf09f3ae2845bcae25863c0 C:\Program Files (x86)\Mozilla Firefox\plc4.dll
MD5: 9fab315a6f54ddaff67c45c6b0e8180a C:\Program Files (x86)\Mozilla Firefox\plds4.dll
MD5: f834b06933e51e2266dc4858a0e9dd98 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
MD5: 6b030923b2ed4341fa0fc2439eba6937 C:\Program Files (x86)\Mozilla Firefox\smime3.dll
MD5: 0028ffb55b16a31ca25f87007a87ccef C:\Program Files (x86)\Mozilla Firefox\softokn3.dll
MD5: 71cd356dd1cb8d414906797912093ab7 C:\Program Files (x86)\Mozilla Firefox\ssl3.dll
MD5: 0d1a879e307914ca59724450690dabba C:\Program Files (x86)\Mozilla Firefox\xpcom.dll
MD5: ed24a2d1d94a90e188ffca4a21453e39 C:\Program Files (x86)\Mozilla Firefox\xul.dll
MD5: 7edbbb9351a38c6bb0fe98cfd44db430 C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
MD5: 934bb0d23a25c8c136570800a5a149b6 C:\Program Files (x86)\Nero\Update\NASvc.exe
MD5: f07af60b152221472fbdb2fecec4896d C:\Program Files (x86)\Skype\Updater\Updater.exe
MD5: 8dd1f81749a966ea5a96cb2d89c9670c C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
MD5: bb676d2c7ad5e7131d12417e4691f9b9 C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe
MD5: 5a528a540b1aee8b1c77ed65094e8cdf C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
MD5: a567b70468a04f4ba64339d1caf78e58 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
MD5: afb5b500ad69e24ed1bc15d1161641ef C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
MD5: 2bacd71123f42cea603f4e205e1ae337 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
MD5: f296a16807b11e1edd3713cddab07485 c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
MD5: 74bb6162d79cedfca1421de2685c3139 c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
MD5: 11b081c50c4477b52a8b564392099131 C:\programdata\bitraider\BRDriver64.sys
MD5: bb003b41286a3bc0dd214e0e42921859 C:\ProgramData\BitRaider\BRSptSvc.exe
MD5: b8cd8363505620676789df8e383f0637 C:\Users\GunstarPrime\AppData\Roaming\75fc973e-1eb9-496f-a967-93ad3a56bc6bad\fceebfaadabcbad.exe
MD5: c9e3864fb9cbfa93d9010bcfe18a5697 C:\Users\GunstarPrime\AppData\Roaming\Mozilla\Firefox\Profiles\a5psrp7e.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
MD5: 6a3ad6dabe21b7f0d19c3072c02f9d52 C:\Windows\Downloaded Program Files\CTPIDPDE.ocx
MD5: 11daa9288e382ebed84d048b6ee17c4f C:\Windows\Downloaded Program Files\igdtoolx.dll
MD5: 332feab1435662fc6c672e25beb37be3 C:\Windows\Explorer.exe
MD5: 5988fc40f8db5b0739cd1e3a5d0d78bd C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
MD5: 7812537eb7af2eaed650f06332a805fd C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
MD5: eb7ab4d04810406731fd34538e4b9a0c C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
MD5: e8a4bbdb754f4b02d435676e1da61625 C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
MD5: 502d593cb5380b28973367d02a561c2a C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
MD5: 3df0a5319da331d41fedcd19e7943407 C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
MD5: c6d2cbbf23f941a258e4c7acd91d2c54 C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
MD5: 10e6e57e9969d65a204144733350cbfc C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
MD5: 679566981ad21a4a97b3ebdd02b90173 C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
MD5: 9d0753e3338218a16db6064792d4a104 C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
MD5: c0f480030d210e00d13ff5652de09bc4 C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
MD5: 2ef5989079a591fc8e0e1397ad0abccf C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
MD5: 070a8322a99c9896359a688c0f641e91 C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
MD5: 77c06a24bbff6910fa580deee7fa6860 C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
MD5: b5f32e970c316f18a2d371b0c6462493 C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
MD5: 663ad6d905f8243f7128a5ff253cd539 C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
MD5: 9366615015ae89730b120dfff84d398c C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
MD5: d8d8aace7e4adb74a2b5bcc4752d4551 C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
MD5: 6aff6341541922e8926b5d075b1b826f C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
MD5: dd96f6365b16e75a445f5799ef4c6e36 C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
MD5: 26a6d505be05d3af660f810906907b8e C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
MD5: 4c94752c2f167cd5f2311bccc37700ff C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
MD5: f947fa55cb0404f107c3b96023584003 C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
MD5: 48c4878254c6bfe8f1bd3e70ccbed090 C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
MD5: bd329655c141263797405fc26a02a53b C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
MD5: d3e8f9b8c009eb158a7d3afb159f4eeb C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
MD5: 2d7c3d32691bd5f77b02f404d56b3edb C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
MD5: 62c50b99d25813365fdeb39c43d9c655 C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
MD5: 6a13b4f3b3f575f1e24b877b9359aaba C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
MD5: 49aca548b2423f1c67898e6ac719a9a6 C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
MD5: 2e33dfd10f28f86c3fc40ee123cc3904 C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
MD5: 1c60e09ca1c3a045bc4d367f67c915b7 C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
MD5: 60f4aefa103d421ea4a40e31409b4756 C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
MD5: 6951562dc4625eefc6eacd52ad165866 C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
MD5: 007863e45f25aa47a4c30d0930bbfd85 C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
MD5: 589cbc4989f750e1da35625ab481cf43 C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
MD5: 3be0d923aa45a4dbe091c2d84f0b4fe7 C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
MD5: 2f75b73974ad36cfe84f86f766ca9fa0 C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
MD5: aa0ac5b8c45af41d1215b156272fc869 C:\Windows\system32\aticfx32.dll
MD5: d12fa9a85243be480828ba78db7b7be5 C:\Windows\system32\atidxx32.dll
MD5: c2e178b380e585590d9198762a45ab64 C:\Windows\system32\atiuxpag.dll
MD5: 96c0e38905cfd788313be8e11dae3f2f C:\Windows\system32\cryptsvc.dll
MD5: 9ff8f684bacf326082e5562f7c104a79 C:\Windows\system32\d2d1.dll
MD5: 3c1936a12c62254f914a01bbc6a8dc69 C:\Windows\system32\d3d10_1.dll
MD5: d4212ab475a3b25ec4df574536c3edc5 C:\Windows\system32\d3d10_1core.dll
MD5: 7acdfb4cc67f4993df0e0731576309b2 C:\Windows\system32\d3d11.dll
MD5: 53223b673a3fa2f9a4d1c31c8d3f6cd8 C:\Windows\system32\dbghelp.dll
MD5: 4277f5164de9b7c665bb928b9145bee0 C:\Windows\system32\dwrite.dll
MD5: d4f264fe23f8953d840904418220c15e C:\Windows\system32\dxgi.dll
MD5: 7069aab8536f29ed7323140973a2894b C:\Windows\system32\msdmo.dll
MD5: 2fca0d2c59a855c54bafa22aa329df0f C:\Windows\system32\NETAPI32.dll
MD5: 0ba65122ffa7e37564ee86422dbf7ae8 C:\Windows\system32\NLAapi.dll
MD5: a113afeed3159a1ed52d78cb0226006d C:\Windows\system32\Secur32.dll
MD5: 9d63197622b667e3c898b89adfc8fbec C:\Windows\System32\uxtuneup.dll
MD5: e5a4a1326a02f8e7b59e6c3270ce7202 C:\Windows\system32\wkscli.dll
MD5: 6846d2ca7e1d5937aee3f99bb7f5464b C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
MD5: 6a13b4f3b3f575f1e24b877b9359aaba C:\Windows\syswow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
MD5: 2e33dfd10f28f86c3fc40ee123cc3904 C:\Windows\syswow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
MD5: 1c60e09ca1c3a045bc4d367f67c915b7 C:\Windows\syswow64\api-ms-win-downlevel-ole32-l1-1-0.dll
MD5: 6951562dc4625eefc6eacd52ad165866 C:\Windows\syswow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
MD5: 589cbc4989f750e1da35625ab481cf43 C:\Windows\syswow64\api-ms-win-downlevel-user32-l1-1-0.dll
MD5: 3be0d923aa45a4dbe091c2d84f0b4fe7 C:\Windows\syswow64\api-ms-win-downlevel-version-l1-1-0.dll
MD5: 60d21799a4af4edce65fb98830e4b0c8 C:\Windows\syswow64\CRYPT32.dll
MD5: 0b6118058942961d504aaea04fecb116 c:\windows\syswow64\ieframe.dll
MD5: b5dec0d4cbbc333ca99fe10b06d4747e C:\Windows\syswow64\iertutil.dll
MD5: ac0b6f41882fc6ed186962d770ebf1d2 C:\Windows\syswow64\kernel32.dll
MD5: e954a79d6a754a5475582caced1565e6 C:\Windows\syswow64\KERNELBASE.dll
MD5: 479901c99fa62d1c3261b7acb1228dad C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
MD5: 47299371607dc2fb234444eeacb1639e C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
MD5: e73b0f1819602cb6ef176fb78d76a47b C:\Windows\SysWOW64\ntdll.dll
MD5: 29e9794708df51db5dc89fb2e903a0f6 C:\Windows\syswow64\SHELL32.dll
MD5: bfb26890612fb8ae8b0463ebebe84b7e C:\Windows\syswow64\SspiCli.dll
MD5: 69cb1a65b835ee6adf9e16ed6d443072 C:\Windows\syswow64\urlmon.dll
MD5: b7230010d97787af3d25e4c82f2b06b9 C:\Windows\syswow64\USP10.dll
MD5: 9df7a7c74d8632cb5ebd37e3a374825e c:\windows\syswow64\webcheck.dll
MD5: cfe0cee587f9cea4c29deec6d85fc91c C:\Windows\syswow64\WININET.dll
MD5: 17448af0bba9e7ab5ec955af93f271bd C:\Windows\syswow64\WINTRUST.dll
MD5: cdbe9690cf2b8409facad94fac9479c9 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll

The following file(s) must be uploaded for server-side scanning:
C:\Users\GunstarPrime\AppData\Roaming\75fc973e-1eb9-496f-a967-93ad3a56bc6bad\fceebfaadabcbad.exe

Upload started - 1 file(s)
fceebfaadabcbad.exe (204288)
Upload speed - 51 KB/s
Upload finished - 1 uploaded, 0 failed

The uploaded file(s) were found clean.

Scan finished - communication took 4 sec
Total traffic - 0.20 MB sent, 0.45 KB recvd
Scanned 271 files and modules - 13 seconds

==============================================================================


Ratigun
I like video games

join:2004-07-19
AMD ATI
reply to Ratigun

Sorry, this is a more relevant MBAM log.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.12.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16521
GunstarPrime :: GUNSTARPRIME-PC [administrator]

5/12/2013 10:39:40 AM
mbam-log-2013-05-12 (10-39-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 214601
Time elapsed: 3 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IEXPLORE.EXE (Trojan.FakeAlert.DF) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\GunstarPrime\iexplore.exe (Trojan.FakeAlert.DF) -> Quarantined and deleted successfully.

(end)



TheJoker
Premium,VIP,MVM
join:2001-04-26
Charlottesville, VA
kudos:5

1 recommendation

Hi Ratigun.

Since MSE isn't running, let's download and install Free Avast for now. After installing it, please update the program and perform a full system scan, clean anything found, and let me know the results.

Please download Malwarebytes Anti-Rootkit here.

Unzip the contents to a folder on the Desktop.
- Open the folder where the contents were unzipped and run mbar.exe (right-click and select Run as administrator for Vista and Windows 7).
- Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
- Click on the Cleanup button to remove any threats and reboot if prompted to do so.
- Wait while the system shuts down and the cleanup process is performed.
- Please post the two logs produced.

Please note: This tool is still in BETA mode, so please ensure you have backed up any important files.

I see you have ESET's online scanner installed. Please run a scan with it and post the results.

Download RogueKiller (by tigzy) and save it to your desktop.

- Quit all programs
- Start RogueKiller.exe.
- Wait until Prescan has finished.
- Click on Scan.
- Click on Report and copy/paste the content of the report in your next reply.

Please post the two log files from MBAR, the results from ESET's online scanner, the results from RogueKiller, note any errors encountered, and let me know how the system is running.
--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010



Ratigun
I like video games

join:2004-07-19
AMD ATI

1 edit

(PVT. Pyle voice) Hiii, Jokerr. Couldn't help myself.

I DLed ESET NOD32 Antivirus 6.0 free trial to take the place of MSE. I'll disable it for now and start the scans you requested.

Thank you for the help!

EDIT: I had to edit this post to report I am VERY pleased with avast! Antivirus! I'll be keeping this little program.



Ratigun
I like video games

join:2004-07-19
AMD ATI
reply to TheJoker

Hi, MSE is still FUBAR, as is trying to download anything with IE. Couldn't run MBAR anti-rootkit because the folder after I unzipped it was empty!

avast! found 4 files which were moved to the "chest". 2 were Win32:Adware-gen. 1 was Win32:Malware-gen. 1 was Win32:Redyms-A

ESET online scanner log:

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=cb2da66191b0c9499aa8afc78a4ae881
# engine=13825
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-05-14 09:47:29
# local_time=2013-05-14 02:47:29 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 91 0 144313121 0 0
# compatibility_mode=5893 16776574 100 29 53625572 104000273 0 0
# scanned=262231
# found=0
# cleaned=0
# scan_time=2902
-------------------------------------------------------------

RogueKiller report:

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRKgmailcom
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : GunstarPrime [Admin rights]
Mode : Remove -- Date : 05/14/2013 11:09:03
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$b11247e0f0052f701dade48ff4fc9b06\@ [-] --> REMOVED
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-2553418985-2079685449-805557627-1001\$b11247e0f0052f701dade48ff4fc9b06\@ [-] --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$b11247e0f0052f701dade48ff4fc9b06\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-2553418985-2079685449-805557627-1001\$b11247e0f0052f701dade48ff4fc9b06\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$b11247e0f0052f701dade48ff4fc9b06\L --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-2553418985-2079685449-805557627-1001\$b11247e0f0052f701dade48ff4fc9b06\L --> REMOVED

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200AAKS-00YGA0 ATA Device +++++
--- User ---
[MBR] b33bd12b8cc62377e3109c59142f5f15
[BSP] fabc35918a311e88e3840c74a47209e1 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 305243 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : >
RKreport[1]_S_05142013_02d1105.txt ; RKreport[2]_D_05142013_02d1109.txt


TheJoker
Premium,VIP,MVM
join:2001-04-26
Charlottesville, VA
kudos:5

1 recommendation

quote:
MSE is still FUBAR, as is trying to download anything with IE.
Actually, as you should never have more than one antivirus program installed, and as you liked Avast, you should now uninstall MSE from Control Panel > Programs and Features.

quote:
Couldn't run MBAR antirootkit because the folder after i unzipped it was empty!
Delete the MBAR file you downloaded.

The RogueKiller log indicated a ZeroAccess infection.
Reboot to Safe Mode with Networking - Restart your computer and begin tapping the F8 key on your keyboard.
If done right a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter.
To return to normal mode just restart your computer as you normally would.

Please download a new copy of Malwarebytes Anti-Rootkit here.

Unzip the contents to a folder on the Desktop.
- Open the folder where the contents were unzipped and run mbar.exe (right-click and select Run as administrator for Vista and Windows 7).
- Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
- Click on the Cleanup button to remove any threats and reboot if prompted to do so.
- Wait while the system shuts down and the cleanup process is performed.
- Please post the two logs produced.

Please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:
»www.bleepingcomputer.com/combofi···combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix (CF).
Please go here to see a list of programs that need to be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**
**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

Please include the log at C:\ComboFix.txt in your next reply.

Please post the log from ComboFix, the two logs from MBAR, and note any errors encountered.
--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010


Ratigun
I like video games

join:2004-07-19
AMD ATI

I tried uninstalling MSE, but I get a popup saying access denied. IE is also fubar: downloads go to completion and then are deleted, saying there was a virus.

Same issue as before, even in Safe Mode with Networking, with the MBAR anti-rootkit. I tried renaming the zip file, to no avail.

ComboFix log:

ComboFix 13-05-14.01 - GunstarPrime 05/14/2013 22:37:44.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.6614 [GMT -7:00]
Running from: c:\users\GunstarPrime\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\GunstarPrime\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk
c:\users\GunstarPrime\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk
c:\users\GunstarPrime\jucheck.exe
c:\windows\SysWow64\frapsvid.dll
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SysInfo
.
.
((((((((((((((((((((((((( Files Created from 2013-04-15 to 2013-05-15 )))))))))))))))))))))))))))))))
.
.
2013-05-14 17:51 . 2013-05-14 17:51 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-05-14 17:51 . 2013-05-14 17:51 866720 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-05-14 17:51 . 2013-05-14 17:51 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-14 17:50 . 2013-05-14 17:50 -------- d-----w- c:\programdata\McAfee
2013-05-14 08:55 . 2013-05-14 08:55 -------- d-----w- c:\program files (x86)\ESET
2013-05-14 04:46 . 2013-05-09 08:59 378432 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-05-14 04:46 . 2013-05-09 08:59 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-05-14 04:46 . 2013-05-09 08:59 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-05-14 04:46 . 2013-05-09 08:59 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-05-14 04:46 . 2013-05-09 08:59 1025808 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-05-14 04:46 . 2013-05-09 08:59 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-05-14 04:46 . 2013-05-09 08:59 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-14 04:46 . 2013-05-09 08:59 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-14 04:46 . 2013-05-09 08:58 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-05-14 04:46 . 2013-05-09 08:58 41664 ----a-w- c:\windows\avastSS.scr
2013-05-14 04:45 . 2013-05-14 04:45 -------- d-----w- c:\program files\AVAST Software
2013-05-14 04:44 . 2013-05-14 04:45 -------- d-----w- c:\programdata\AVAST Software
2013-05-13 16:38 . 2013-05-13 16:38 -------- d-----w- c:\users\GunstarPrime\AppData\Local\ESET
2013-05-13 05:17 . 2013-05-13 05:17 -------- d-----w- c:\users\GunstarPrime\AppData\Local\Macromedia
2013-05-13 05:14 . 2013-05-13 05:14 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2013-05-12 19:51 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-05-12 19:51 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-05-12 19:51 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-12 19:51 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-05-12 19:51 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-05-12 19:51 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-05-12 19:51 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-05-12 19:51 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe
2013-05-12 19:42 . 2013-05-12 19:56 -------- d-----w- c:\windows\Panther
2013-05-12 07:20 . 2013-05-13 16:38 -------- d-----w- c:\users\GunstarPrime\AppData\Roaming\75fc973e-1eb9-496f-a967-93ad3a56bc6bad
2013-05-12 07:20 . 2013-05-12 07:20 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C7262489-FB87-46C2-8695-BD59BE848C60}\offreg.dll
2013-05-12 04:43 . 2013-04-10 03:46 9317456 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C7262489-FB87-46C2-8695-BD59BE848C60}\mpengine.dll
2013-05-11 01:23 . 2013-04-10 03:46 9317456 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-03 02:40 . 2013-05-04 09:54 -------- d-----w- c:\users\GunstarPrime\AppData\Roaming\Awesomium
2013-05-03 02:01 . 2013-05-03 02:01 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2013-05-03 02:01 . 2013-05-03 02:01 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2013-05-03 02:00 . 2013-05-03 02:00 -------- d-----w- c:\program files (x86)\Secret Identity Studios
2013-05-03 02:00 . 2013-05-04 09:26 -------- d-----w- c:\programdata\BitRaider
2013-04-25 00:55 . 2013-04-25 00:55 905296 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5E109CF9-2C62-4BE0-A04A-81F534B1C574}\gapaengine.dll
2013-04-19 07:42 . 2013-04-19 07:42 -------- d-----w- c:\program files (x86)\Common Files\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-14 18:56 . 2013-02-04 06:03 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-14 18:56 . 2013-02-04 06:03 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-14 17:51 . 2011-01-20 08:36 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-05-12 19:53 . 2011-11-28 08:32 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-05-10 06:21 . 2011-03-29 02:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 15:29 . 2010-02-03 03:38 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-04 21:50 . 2012-01-11 20:59 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-13 22:02 . 2013-03-13 22:02 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-03-13 22:02 . 2013-03-13 22:02 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-03-13 22:02 . 2013-03-13 22:02 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-03-13 22:02 . 2013-03-13 22:02 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-13 22:02 . 2013-03-13 22:02 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-03-13 22:02 . 2013-03-13 22:02 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-03-13 22:02 . 2013-03-13 22:02 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-03-13 22:02 . 2013-03-13 22:02 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-03-13 22:02 . 2013-03-13 22:02 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-03-13 22:02 . 2013-03-13 22:02 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-03-13 22:02 . 2013-03-13 22:02 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-03-13 22:02 . 2013-03-13 22:02 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-03-13 22:02 . 2013-03-13 22:02 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-03-13 22:02 . 2013-03-13 22:02 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-03-13 22:02 . 2013-03-13 22:02 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-03-13 22:02 . 2013-03-13 22:02 81408 ----a-w- c:\windows\system32\icardie.dll
2013-03-13 22:02 . 2013-03-13 22:02 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-03-13 22:02 . 2013-03-13 22:02 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-03-13 22:02 . 2013-03-13 22:02 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-03-13 22:02 . 2013-03-13 22:02 441856 ----a-w- c:\windows\system32\html.iec
2013-03-13 22:02 . 2013-03-13 22:02 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-03-13 22:02 . 2013-03-13 22:02 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-03-13 22:02 . 2013-03-13 22:02 235008 ----a-w- c:\windows\system32\url.dll
2013-03-13 22:02 . 2013-03-13 22:02 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-03-13 22:02 . 2013-03-13 22:02 216064 ----a-w- c:\windows\system32\msls31.dll
2013-03-13 22:02 . 2013-03-13 22:02 197120 ----a-w- c:\windows\system32\msrating.dll
2013-03-13 22:02 . 2013-03-13 22:02 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-03-13 22:02 . 2013-03-13 22:02 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-03-13 22:02 . 2013-03-13 22:02 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-03-13 22:02 . 2013-03-13 22:02 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-03-13 22:02 . 2013-03-13 22:02 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-03-13 22:02 . 2013-03-13 22:02 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-03-13 22:02 . 2013-03-13 22:02 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-03-13 22:02 . 2013-03-13 22:02 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-03-13 22:02 . 2013-03-13 22:02 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-03-13 22:02 . 2013-03-13 22:02 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-03-13 22:02 . 2013-03-13 22:02 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-03-13 22:02 . 2013-03-13 22:02 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-13 22:02 . 2013-03-13 22:02 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-03-13 22:02 . 2013-03-13 22:02 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-03-13 22:02 . 2013-03-13 22:02 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-03-13 22:02 . 2013-03-13 22:02 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-03-13 22:02 . 2013-03-13 22:02 149504 ----a-w- c:\windows\system32\occache.dll
2013-03-13 22:02 . 2013-03-13 22:02 144896 ----a-w- c:\windows\system32\wextract.exe
2013-03-13 22:02 . 2013-03-13 22:02 13824 ----a-w- c:\windows\system32\mshta.exe
2013-03-13 22:02 . 2013-03-13 22:02 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-03-13 22:02 . 2013-03-13 22:02 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-03-13 22:02 . 2013-03-13 22:02 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-03-13 22:02 . 2013-03-13 22:02 102912 ----a-w- c:\windows\system32\inseng.dll
2013-03-13 22:00 . 2013-03-13 22:00 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-13 22:00 . 2013-03-13 22:00 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-13 22:00 . 2013-03-13 22:00 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-03-13 22:00 . 2013-03-13 22:00 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-03-13 22:00 . 2013-03-13 22:00 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-03-13 22:00 . 2013-03-13 22:00 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-03-13 22:00 . 2013-03-13 22:00 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-03-13 22:00 . 2013-03-13 22:00 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-03-13 22:00 . 2013-03-13 22:00 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-03-13 22:00 . 2013-03-13 22:00 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-03-13 22:00 . 2013-03-13 22:00 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-03-13 22:00 . 2013-03-13 22:00 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-03-13 22:00 . 2013-03-13 22:00 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-03-13 22:00 . 2013-03-13 22:00 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-03-13 22:00 . 2013-03-13 22:00 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-03-13 22:00 . 2013-03-13 22:00 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-03-13 22:00 . 2013-03-13 22:00 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-03-13 22:00 . 2013-03-13 22:00 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2013-03-13 22:00 . 2013-03-13 22:00 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2013-03-13 22:00 . 2013-03-13 22:00 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-03-13 22:00 . 2013-03-13 22:00 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-03-13 22:00 . 2013-03-13 22:00 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-03-13 22:00 . 2013-03-13 22:00 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-03-13 22:00 . 2013-03-13 22:00 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-03-13 22:00 . 2013-03-13 22:00 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-03-13 22:00 . 2013-03-13 22:00 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-03-13 22:00 . 2013-03-13 22:00 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-03-13 22:00 . 2013-03-13 22:00 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-03-13 22:00 . 2013-03-13 22:00 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-03-13 22:00 . 2013-03-13 22:00 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-03-13 22:00 . 2013-03-13 22:00 296960 ----a-w- c:\windows\system32\d3d10core.dll
2013-03-13 22:00 . 2013-03-13 22:00 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2013-03-13 22:00 . 2013-03-13 22:00 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-03-13 22:00 . 2013-03-13 22:00 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-03-13 22:00 . 2013-03-13 22:00 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2013-03-13 22:00 . 2013-03-13 22:00 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-03-13 22:00 . 2013-03-13 22:00 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-03-13 22:00 . 2013-03-13 22:00 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2013-03-13 22:00 . 2013-03-13 22:00 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2013-03-13 22:00 . 2013-03-13 22:00 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2013-03-13 22:00 . 2013-03-13 22:00 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2013-03-13 22:00 . 2013-03-13 22:00 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2013-03-13 22:00 . 2013-03-13 22:00 1887232 ----a-w- c:\windows\system32\d3d11.dll
2013-03-13 22:00 . 2013-03-13 22:00 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-05-06 25600]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 gshbubps;gshbubps;c:\windows\system32\drivers\gshbubps.sys [x]
R2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
R3 BRDriver64;BRDriver64;c:\programdata\bitraider\BRDriver64.sys [2013-05-03 74024]
R3 BRSptSvc;BitRaider Mini-Support Service;c:\programdata\BitRaider\BRSptSvc.exe [2013-05-03 938776]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-01-09 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-05-06 202840]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-05-06 1417304]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-05-06 94808]
R3 JmtFltr;n52te;c:\windows\system32\drivers\JmtFltr.sys [2007-09-29 46464]
R3 NisSrv;NisSrv;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 PSSDK42;PSSDK42;c:\windows\system32\Drivers\pssdk42.sys [2010-10-29 53312]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-07-26 126976]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-22 1255736]
R3 X6va009;X6va009;c:\windows\SysWOW64\Drivers\X6va009 [x]
R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-26 687400]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-19 240640]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-05-09 80816]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-05-29 2143072]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-11-06 96256]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-05-06 202840]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-05-06 1417304]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-05-06 94808]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-11-02 50856]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-12-13 11856]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2012-03-27 398112]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-04 18:56]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1464944]
"IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-11-02 2076272]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bing.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: Interfaces\{6C2471BB-9102-4FAF-935E-2379D59DA0D8}: NameServer = 192.168.0.1
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\users\GunstarPrime\AppData\Roaming\Mozilla\Firefox\Profiles\a5psrp7e.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - www.bing.com
FF - ExtSQL: 2013-05-13 00:20; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\GunstarPrime\AppData\Roaming\Mozilla\Firefox\Profiles\a5psrp7e.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-05-13 01:08; {e001c731-5e37-4538-a5cb-8168736a2360}; c:\users\GunstarPrime\AppData\Roaming\Mozilla\Firefox\Profiles\a5psrp7e.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF - ExtSQL: 2013-05-13 21:46; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2013-05-14 10:49; {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA}
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va009]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va009"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2553418985-2079685449-805557627-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-2553418985-2079685449-805557627-1001\Software\SecuROM\License information*]
"datasecu"=hex:9d,ef,7a,f0,1c,2a,27,9d,b9,df,d4,22,6e,c8,6d,0a,4a,a6,c4,b3,38,
d2,2c,1c,6a,a8,7a,96,fc,77,c2,59,12,db,14,bd,97,36,37,69,58,f7,d6,7b,b5,a8,\
"rkeysecu"=hex:82,c3,15,4f,bb,1d,3b,7f,84,f5,53,93,76,d6,d1,ff
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\Ctxfihlp.exe
c:\windows\SysWOW64\CTXFISPI.EXE
.
**************************************************************************
.
Completion time: 2013-05-14 22:50:41 - machine was rebooted
ComboFix-quarantined-files.txt 2013-05-15 05:50
.
Pre-Run: 161,984,851,968 bytes free
Post-Run: 161,784,582,144 bytes free
.
- - End Of File - - 4B93921B06D33C1DF82ECA658A627171


TheJoker
Premium,VIP,MVM
join:2001-04-26
Charlottesville, VA
kudos:5

We need to make sure you have the most recent version of ComboFix.
Delete your current copy of ComboFix.exe.
Download ComboFix© by sUBs from one of these links:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

http://www.forospyware.com/sUBs/ComboFix.exe

Save the file to your Desktop.

Close any open browsers.

Close your AntiVirus and any anti-spyware programs you may be running.

For this next step, please ensure that ComboFix.exe is on your desktop:

Please open Notepad *Do Not Use Wordpad!* (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
Save this as "CFScript.txt" and change the "Save as type" to "All Files" and place it on your desktop.

quote:
ADS::
C:\Windows\SysWow64\zlib.dll
ClearJavaCache::
Driver::
gshbubps.sys
X6va009
sptd

Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt. Please post that log in your next reply.

Please download Rkill by Grinler from one of these links:

Rkill.exe - http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill.com - http://download.bleepingcomputer.com/grinler/rkill.com

Rkill.scr - http://download.bleepingcomputer.com/grinler/rkill.scr

Rkill.pif - http://download.bleepingcomputer.com/grinler/rkill.pif

Save rkill.exe to your Desktop.
Double-click on rkill.exe to run it.
If the first one does not run successfully, try the other copies and see if one of them will run.

After the utility completes it will create a log on the desktop, rkill.txt.
Please post that log in your next reply.

Can you now successfully download MBAR and unzip it, update it, and do a system scan?
If you can, please post the log from ComboFix, the log from rkill, and note any errors encountered.

If you are still unable to download and run MBAR, do this also:

Please run a scan with Kaspersky Rescue Disk.

Read all these directions before proceeding.

Be sure to read these:
Download Kaspersky Rescue Disk 10
How to record Kaspersky Rescue Disk 10 to a USB device and boot my computer from it?
How to record Kaspersky Rescue Disk 10 to a CD/DVD and boot my computer from the disk?

When you have the .ISO file downloaded, you need to create a bootable disk or flash drive with it, using a clean PC to do that. The .ISO file is a disk image. It should NOT be burned as a regular file. You need a program like ImgBurn that can burn an .ISO image. A CD/DVD is best as there is no way anything can write on it after it is made. If the system you burn the disk on has Windows 7, you don't need an extra program, just follow these directions to burn the image to disk:
»windows.microsoft.com/en-us/wind···iso-file
»technet.microsoft.com/en-us/maga···080.aspx

Summarizing:

- Go to a clean PC.
- Download the .iso image file.
- Create a CD (or flash drive if you prefer).
- At the infected PC: put the disk in the drive and reboot.

Follow the directions here, but you will find some differences.

Familiarize yourself with How to create a report file in Kaspersky Rescue Disk 10?

Print the following directions:

Boot from Kaspersky Rescue Disk 10:

- Insert the Kaspersky Rescue Disk CD into your CD/DVD drive and boot the computer (you may need to change the boot sequence in your system's BIOS to boot from the CD/DVD drive).
- Press any key. A loading wizard will start (you will see the menu to select the required language). If you do not press any key in 10 seconds, the computer boots from the hard drive automatically.
- Select the required interface language using the arrow keys on your keyboard.
- Press the Enter key on the keyboard.
- In the startup wizard window that opens, select Kaspersky Rescue Disk. Graphic Mode.
- Click Enter.
- Click '1' to accept the agreement.
- Select the operating system from the dropdown menu (select Windows whatever).
- Select Objects to scan: check Disk boot sectors, Hidden startup objects, C:
- Click My Update Center and update if any updates are available.
- Go back to the other tab and click Start Object Scan (this may take several hours).
- When the scan has completed, save a report:
-- On the upper part of the Kaspersky Rescue Disk window, click on the Report link.
-- On the bottom right hand corner of the Protection status - Kaspersky Rescue Disk window, click on the Detailed Report button.
-- On the upper right hand corner of the Detailed report window, click on the Save button.
-- After clicking Detailed Report and 'SAVE', a browse window opens.
-- Double-click on the \
-- Click 'disks'.
-- All your drives will be shown and you can easily double-click C and save the report to C:\KasperskyRescueDisk10.txt.
-- Click on the Save button.
-- The report has been saved to the file.
- Remove the disk from the drive (or disconnect USB) and reboot normally.

Please post the log from Kaspersky Rescue Disk, the log from ComboFix, the log from rkill, and note any errors encountered.

--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010


Ratigun

Ok, so I got MBAR to run; I used a flash drive.

Here are the logs.

ComboFix 13-05-15.01 - GunstarPrime 05/15/2013 20:06:33.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.5973 [GMT -7:00]
Running from: c:\users\GunstarPrime\Desktop\ComboFix.exe
Command switches used :: c:\users\GunstarPrime\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - zlib.dll: deleted 256 bytes in 3 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SPTD
-------\Legacy_X6VA009
-------\Service_sptd
-------\Service_X6va009
.
.
((((((((((((((((((((((((( Files Created from 2013-04-16 to 2013-05-16 )))))))))))))))))))))))))))))))
.
.
2013-05-16 03:12 . 2013-05-16 03:12 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-05-16 03:12 . 2013-05-16 03:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-15 06:09 . 2013-05-15 06:09 -------- d-----w- c:\program files (x86)\AVAST Software
2013-05-14 17:51 . 2013-05-14 17:51 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-05-14 17:51 . 2013-05-14 17:51 866720 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-05-14 17:51 . 2013-05-14 17:51 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-14 17:50 . 2013-05-14 17:50 -------- d-----w- c:\programdata\McAfee
2013-05-14 08:55 . 2013-05-14 08:55 -------- d-----w- c:\program files (x86)\ESET
2013-05-14 04:46 . 2013-05-09 08:59 378432 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-05-14 04:46 . 2013-05-09 08:59 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-05-14 04:46 . 2013-05-09 08:59 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-05-14 04:46 . 2013-05-09 08:59 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-05-14 04:46 . 2013-05-09 08:59 1025808 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-05-14 04:46 . 2013-05-09 08:59 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-05-14 04:46 . 2013-05-09 08:59 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-14 04:46 . 2013-05-09 08:59 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-14 04:46 . 2013-05-09 08:58 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-05-14 04:46 . 2013-05-09 08:58 41664 ----a-w- c:\windows\avastSS.scr
2013-05-14 04:45 . 2013-05-14 04:45 -------- d-----w- c:\program files\AVAST Software
2013-05-14 04:44 . 2013-05-14 04:45 -------- d-----w- c:\programdata\AVAST Software
2013-05-13 16:38 . 2013-05-13 16:38 -------- d-----w- c:\users\GunstarPrime\AppData\Local\ESET
2013-05-13 05:17 . 2013-05-13 05:17 -------- d-----w- c:\users\GunstarPrime\AppData\Local\Macromedia
2013-05-13 05:14 . 2013-05-13 05:14 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2013-05-12 19:51 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-05-12 19:51 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-05-12 19:51 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-12 19:51 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-05-12 19:51 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-05-12 19:51 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-05-12 19:51 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-05-12 19:51 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe
2013-05-12 19:42 . 2013-05-12 19:56 -------- d-----w- c:\windows\Panther
2013-05-12 07:20 . 2013-05-13 16:38 -------- d-----w- c:\users\GunstarPrime\AppData\Roaming\75fc973e-1eb9-496f-a967-93ad3a56bc6bad
2013-05-12 07:20 . 2013-05-12 07:20 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C7262489-FB87-46C2-8695-BD59BE848C60}\offreg.dll
2013-05-12 04:43 . 2013-04-10 03:46 9317456 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C7262489-FB87-46C2-8695-BD59BE848C60}\mpengine.dll
2013-05-11 01:23 . 2013-04-10 03:46 9317456 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-03 02:40 . 2013-05-04 09:54 -------- d-----w- c:\users\GunstarPrime\AppData\Roaming\Awesomium
2013-05-03 02:01 . 2013-05-03 02:01 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2013-05-03 02:01 . 2013-05-03 02:01 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2013-05-03 02:00 . 2013-05-03 02:00 -------- d-----w- c:\program files (x86)\Secret Identity Studios
2013-05-03 02:00 . 2013-05-04 09:26 -------- d-----w- c:\programdata\BitRaider
2013-04-25 00:55 . 2013-04-25 00:55 905296 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5E109CF9-2C62-4BE0-A04A-81F534B1C574}\gapaengine.dll
2013-04-19 07:42 . 2013-04-19 07:42 -------- d-----w- c:\program files (x86)\Common Files\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-14 18:56 . 2013-02-04 06:03 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-14 18:56 . 2013-02-04 06:03 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-14 17:51 . 2011-01-20 08:36 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-05-12 19:53 . 2011-11-28 08:32 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-05-10 06:21 . 2011-03-29 02:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 15:29 . 2010-02-03 03:38 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-04 21:50 . 2012-01-11 20:59 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-13 22:02 . 2013-03-13 22:02 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-03-13 22:02 . 2013-03-13 22:02 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-03-13 22:02 . 2013-03-13 22:02 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-03-13 22:02 . 2013-03-13 22:02 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-13 22:02 . 2013-03-13 22:02 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-03-13 22:02 . 2013-03-13 22:02 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-03-13 22:02 . 2013-03-13 22:02 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-03-13 22:02 . 2013-03-13 22:02 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-03-13 22:02 . 2013-03-13 22:02 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-03-13 22:02 . 2013-03-13 22:02 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-03-13 22:02 . 2013-03-13 22:02 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-03-13 22:02 . 2013-03-13 22:02 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-03-13 22:02 . 2013-03-13 22:02 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-03-13 22:02 . 2013-03-13 22:02 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-03-13 22:02 . 2013-03-13 22:02 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-03-13 22:02 . 2013-03-13 22:02 81408 ----a-w- c:\windows\system32\icardie.dll
2013-03-13 22:02 . 2013-03-13 22:02 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-03-13 22:02 . 2013-03-13 22:02 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-03-13 22:02 . 2013-03-13 22:02 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-03-13 22:02 . 2013-03-13 22:02 441856 ----a-w- c:\windows\system32\html.iec
2013-03-13 22:02 . 2013-03-13 22:02 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-03-13 22:02 . 2013-03-13 22:02 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-03-13 22:02 . 2013-03-13 22:02 235008 ----a-w- c:\windows\system32\url.dll
2013-03-13 22:02 . 2013-03-13 22:02 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-03-13 22:02 . 2013-03-13 22:02 216064 ----a-w- c:\windows\system32\msls31.dll
2013-03-13 22:02 . 2013-03-13 22:02 197120 ----a-w- c:\windows\system32\msrating.dll
2013-03-13 22:02 . 2013-03-13 22:02 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-03-13 22:02 . 2013-03-13 22:02 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-03-13 22:02 . 2013-03-13 22:02 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-03-13 22:02 . 2013-03-13 22:02 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-03-13 22:02 . 2013-03-13 22:02 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-03-13 22:02 . 2013-03-13 22:02 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-03-13 22:02 . 2013-03-13 22:02 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-03-13 22:02 . 2013-03-13 22:02 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-03-13 22:02 . 2013-03-13 22:02 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-03-13 22:02 . 2013-03-13 22:02 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-03-13 22:02 . 2013-03-13 22:02 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-03-13 22:02 . 2013-03-13 22:02 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-13 22:02 . 2013-03-13 22:02 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-03-13 22:02 . 2013-03-13 22:02 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-03-13 22:02 . 2013-03-13 22:02 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-03-13 22:02 . 2013-03-13 22:02 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-03-13 22:02 . 2013-03-13 22:02 149504 ----a-w- c:\windows\system32\occache.dll
2013-03-13 22:02 . 2013-03-13 22:02 144896 ----a-w- c:\windows\system32\wextract.exe
2013-03-13 22:02 . 2013-03-13 22:02 13824 ----a-w- c:\windows\system32\mshta.exe
2013-03-13 22:02 . 2013-03-13 22:02 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-03-13 22:02 . 2013-03-13 22:02 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-03-13 22:02 . 2013-03-13 22:02 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-03-13 22:02 . 2013-03-13 22:02 102912 ----a-w- c:\windows\system32\inseng.dll
2013-03-13 22:00 . 2013-03-13 22:00 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-13 22:00 . 2013-03-13 22:00 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-13 22:00 . 2013-03-13 22:00 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-03-13 22:00 . 2013-03-13 22:00 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-03-13 22:00 . 2013-03-13 22:00 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-03-13 22:00 . 2013-03-13 22:00 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-03-13 22:00 . 2013-03-13 22:00 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-03-13 22:00 . 2013-03-13 22:00 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-03-13 22:00 . 2013-03-13 22:00 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-03-13 22:00 . 2013-03-13 22:00 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-03-13 22:00 . 2013-03-13 22:00 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-03-13 22:00 . 2013-03-13 22:00 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-03-13 22:00 . 2013-03-13 22:00 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-03-13 22:00 . 2013-03-13 22:00 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-03-13 22:00 . 2013-03-13 22:00 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-03-13 22:00 . 2013-03-13 22:00 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-03-13 22:00 . 2013-03-13 22:00 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-03-13 22:00 . 2013-03-13 22:00 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2013-03-13 22:00 . 2013-03-13 22:00 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2013-03-13 22:00 . 2013-03-13 22:00 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-03-13 22:00 . 2013-03-13 22:00 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-03-13 22:00 . 2013-03-13 22:00 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-03-13 22:00 . 2013-03-13 22:00 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-03-13 22:00 . 2013-03-13 22:00 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-03-13 22:00 . 2013-03-13 22:00 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-03-13 22:00 . 2013-03-13 22:00 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-03-13 22:00 . 2013-03-13 22:00 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-03-13 22:00 . 2013-03-13 22:00 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-03-13 22:00 . 2013-03-13 22:00 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-03-13 22:00 . 2013-03-13 22:00 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-03-13 22:00 . 2013-03-13 22:00 296960 ----a-w- c:\windows\system32\d3d10core.dll
2013-03-13 22:00 . 2013-03-13 22:00 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2013-03-13 22:00 . 2013-03-13 22:00 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-03-13 22:00 . 2013-03-13 22:00 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-03-13 22:00 . 2013-03-13 22:00 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2013-03-13 22:00 . 2013-03-13 22:00 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-03-13 22:00 . 2013-03-13 22:00 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-03-13 22:00 . 2013-03-13 22:00 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2013-03-13 22:00 . 2013-03-13 22:00 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2013-03-13 22:00 . 2013-03-13 22:00 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2013-03-13 22:00 . 2013-03-13 22:00 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2013-03-13 22:00 . 2013-03-13 22:00 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2013-03-13 22:00 . 2013-03-13 22:00 1887232 ----a-w- c:\windows\system32\d3d11.dll
2013-03-13 22:00 . 2013-03-13 22:00 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-05-06 25600]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 gshbubps;gshbubps;c:\windows\system32\drivers\gshbubps.sys [x]
R2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
R3 BRDriver64;BRDriver64;c:\programdata\bitraider\BRDriver64.sys [2013-05-03 74024]
R3 BRSptSvc;BitRaider Mini-Support Service;c:\programdata\BitRaider\BRSptSvc.exe [2013-05-03 938776]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-01-09 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-05-06 202840]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-05-06 1417304]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-05-06 94808]
R3 JmtFltr;n52te;c:\windows\system32\drivers\JmtFltr.sys [2007-09-29 46464]
R3 NisSrv;NisSrv;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 PSSDK42;PSSDK42;c:\windows\system32\Drivers\pssdk42.sys [2010-10-29 53312]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-07-26 126976]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-22 1255736]
R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-26 687400]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-19 240640]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-05-09 80816]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-05-29 2143072]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-11-06 96256]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-05-06 202840]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-05-06 1417304]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-05-06 94808]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-11-02 50856]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-12-13 11856]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2012-03-27 398112]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-04 18:56]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1464944]
"IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-11-02 2076272]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bing.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: Interfaces\{6C2471BB-9102-4FAF-935E-2379D59DA0D8}: NameServer = 192.168.0.1
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\users\GunstarPrime\AppData\Roaming\Mozilla\Firefox\Profiles\a5psrp7e.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - www.bing.com
FF - ExtSQL: 2013-05-13 00:20; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\GunstarPrime\AppData\Roaming\Mozilla\Firefox\Profiles\a5psrp7e.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-05-13 01:08; {e001c731-5e37-4538-a5cb-8168736a2360}; c:\users\GunstarPrime\AppData\Roaming\Mozilla\Firefox\Profiles\a5psrp7e.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF - ExtSQL: 2013-05-13 21:46; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2013-05-14 10:49; {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA}
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2553418985-2079685449-805557627-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-2553418985-2079685449-805557627-1001\Software\SecuROM\License information*]
"datasecu"=hex:9d,ef,7a,f0,1c,2a,27,9d,b9,df,d4,22,6e,c8,6d,0a,4a,a6,c4,b3,38,
d2,2c,1c,6a,a8,7a,96,fc,77,c2,59,12,db,14,bd,97,36,37,69,58,f7,d6,7b,b5,a8,\
"rkeysecu"=hex:82,c3,15,4f,bb,1d,3b,7f,84,f5,53,93,76,d6,d1,ff
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\Ctxfihlp.exe
c:\windows\SysWOW64\CTXFISPI.EXE
.
**************************************************************************
.
Completion time: 2013-05-15 20:18:55 - machine was rebooted
ComboFix-quarantined-files.txt 2013-05-16 03:18
ComboFix2.txt 2013-05-15 05:50
.
Pre-Run: 158,901,968,896 bytes free
Post-Run: 158,808,846,336 bytes free
.
- - End Of File - - 82D83C10A3C7FB40B83E8E81EC13E44A


Ratigun

Rkill 2.4.8 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 05/15/2013 08:22:26 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* FontCache => %SystemRoot%\system32\svchost.exe -k LocalService [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 05/15/2013 08:22:33 PM
Execution time: 0 hours(s), 0 minute(s), and 7 seconds(s)

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.05.0.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16540

Java version: 1.6.0_45

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.000000 GHz
Memory total: 8589402112, free: 7216103424

------------ Kernel report ------------
05/15/2013 20:50:52
------------ Loaded modules -----------
----------- End -----------
>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8008102790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000087\
Lower Device Object: 0xfffffa80080d7060
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
Initialization returned 0x0
Load Function returned 0x0
>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa80079f6060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa80079f1060
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)
Load Function returned 0x0
Downloaded database version: v2013.05.16.01
Downloaded database version: v2013.05.14.03
Initializing...
Done!
>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80079f6060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007575b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80079f6060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80075509b0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80079f1060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a00c5c8540, 0xfffffa80079f6060, 0xfffffa8008910790
Lower DeviceData: 0xfffff8a00c76c1a0, 0xfffffa80079f1060, 0xfffffa8008c10e40
>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
>>
Device number: 0, partition: 1
>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 33F033F

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 625137664
Partition file system is NTFS
Partition is bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8008102790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8008036040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8008102790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80080d7060, DeviceName: \Device\00000087\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a00c74eb60, 0xfffffa8008102790, 0xfffffa8008fd8790
Lower DeviceData: 0xfffff8a00c5f0610, 0xfffffa80080d7060, 0xfffffa8009c74090
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 6BA59

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 3915712
Partition file system is NTFS
Partition is not bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 2004876800 bytes
Sector size: 512 bytes

Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================


Ratigun
I like video games

join:2004-07-19
AMD ATI

Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.05.16.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
GunstarPrime :: GUNSTARPRIME-PC [administrator]

5/15/2013 8:57:13 PM
mbar-log-2013-05-15 (20-57-13).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 29953
Time elapsed: 5 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



TheJoker
Premium,VIP,MVM
join:2001-04-26
Charlottesville, VA
kudos:5

1 recommendation

quote:
Ok so I got MBAR to run, used a flash drive.
I would quarantine that flash drive for now, if your system is still infected (as opposed to just damage created by the infection) it could have become infected as soon as you inserted it into the system in question. If infected, it would have the potential to infect other systems it was inserted into if autorun or autoplay is enabled on that system.

ComboFix removed the alternate data stream that was attached to a file that was noted in your first log, and in the rkill log:

quote:
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Are you still having trouble with Internet Explorer downloading files, and as it was a specific program that previously would not run, does MBAR now run from the hard drive successfully?

Please run a scan with Kaspersky Rescue Disk from the instructions posted in my previous reply. I would take note of what the infections found were in case for some reason the log is not saved.
--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010


Ratigun
I like video games

join:2004-07-19
AMD ATI

Cannot run MBAR from freshly downloaded .zip on HDD. IE is still saying every download is a virus. MSE still can't be uninstalled from Control Panel. Also, WMP won't play movies, claiming I need to update/install new graphics drivers.

KRD10 goes to black screen after I select either KRD. Graphic/Text mode, or Hardware info.

The following is from Kaspersky support helping others: "If you cannot boot your computer from Kaspersky Rescue Disk 10 in graphic or text mode, then most probably your hardware does not support Kaspersky Rescue Disk 10.
In order to resolve your problem, Kaspersky Lab specialists need to receive info about your hardware."

*sigh* Maybe just reformat/reinstall after saving pics/music/anything worth saving? I'd rather not do that, but it's starting to look that way.



TheJoker
Premium,VIP,MVM
join:2001-04-26
Charlottesville, VA
kudos:5

1 recommendation

Let's try a different rescue disk.

The Bitdefender Rescue CD is a bootable CD based version of Bitdefender Antivirus.
The download is in ISO format.
If you are not sure how to burn an image, please read How to write a CD/DVD image or ISO. If you need a FREE utility to burn the ISO image, download and use ImgBurn.
There is a tutorial on running it at How to Use the BitDefender Rescue CD to Clean Your Infected PC

Download the Bitdefender Rescue CD:

http://download.bitdefender.com/rescue_cd/bitdefender-rescue-cd.iso
 

- Burn the Bitdefender Rescue CD ISO image to CD.
- Insert the Bitdefender Rescue CD into your CD/DVD drive and boot the computer (you may need to change the boot sequence in your system's BIOS to boot from the CD/DVD drive).
- Select "Start Bitdefender Rescue CD in English", then press Enter
- Once the graphical interface starts, select "Continue"
- Bitdefender Update will start automatically.
- When finished updating, scanning will start automatically.
- When finished scanning, if threats were detected, double-click the Desktop icon "Scan Logs".
- In the window that opens, double-click the log file and open it with Firefox browser.
- To save the log, go to File > Save Page As, enter a file name you will remember such as BDSCAN.TXT, then in the "Save in folder" field select your system drive, and click "Save".
- The log will save in the root of your system drive (C:\).
- Close the scanner, Restart your system, and post the log in your next reply.

--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010


Ratigun
I like video games

join:2004-07-19
AMD ATI

BDR worked and found something. The first scan I "ignored" for some reason. The second scan I killed a Trojan.

Here are both logs:

====================================================
= Logging started on Sat 18 May 2013 07:18:46 PM UTC
====================================================

List of objects to be scanned:
- /media/LocalDisk-0

Object '/media/LocalDisk-0/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{78376769-89CA-0537-4E87-5BFCEDD59B04}-skype.exe=>(Quarantine-PE)' is infected with 'Trojan.GenericKDZ.17643'
Failed to scan '/media/LocalDisk-0/Users/GunstarPrime/Downloads/PT2_Full_2.2.4/Pristontale2_EN_v224-1.bin': Permission denied
Failed to scan '/media/LocalDisk-0/Users/GunstarPrime/Downloads/PT2_Full_2.2.4/Pristontale2_EN_v224-2.bin': Permission denied

==================================================
= Applying actions
==================================================
File '/media/LocalDisk-0/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{78376769-89CA-0537-4E87-5BFCEDD59B04}-skype.exe' has been ignored

==================================================
= Applying actions
==================================================
File '/media/LocalDisk-0/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{78376769-89CA-0537-4E87-5BFCEDD59B04}-skype.exe' has been ignored

==================================================
= Applying actions
==================================================
File '/media/LocalDisk-0/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{78376769-89CA-0537-4E87-5BFCEDD59B04}-skype.exe' has been ignored

==================================================
= Applying actions
==================================================
File '/media/LocalDisk-0/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{78376769-89CA-0537-4E87-5BFCEDD59B04}-skype.exe' has been ignored

==================================================
= Applying actions
==================================================
File '/media/LocalDisk-0/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{78376769-89CA-0537-4E87-5BFCEDD59B04}-skype.exe' has been ignored

====================================================
= Logging started on Sun 19 May 2013 05:06:01 AM UTC
====================================================

List of objects to be scanned:
- /media/LocalDisk-0

Object '/media/LocalDisk-0/ProgramData/Microsoft/Microsoft Antimalware/LocalCopy/{78376769-89CA-0537-4E87-5BFCEDD59B04}-skype.exe=>(Quarantine-PE)' is infected with 'Trojan.GenericKDZ.17643'
Failed to scan '/media/LocalDisk-0/Users/GunstarPrime/Downloads/PT2_Full_2.2.4/Pristontale2_EN_v224-1.bin': Permission denied
Failed to scan '/media/LocalDisk-0/Users/GunstarPrime/Downloads/PT2_Full_2.2.4/Pristontale2_EN_v224-2.bin': Permission denied

==================================================
= Applying actions
==================================================

Not sure if the logs are showing that it actually disinfected the trojan or not, but I did. I don't use Skype that much; I think I should just uninstall it. Or is that a cover for the trojan?


TheJoker
Premium,VIP,MVM
join:2001-04-26
Charlottesville, VA
kudos:5

1 recommendation

Please download and run Sophos Virus Removal Tool (previously Sophos AntiRootkit). Post the log in this thread, even if nothing is found.

You find link(s) and instructions here:
»Security Cleanup FAQ »Rootkit Detection Applications
--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010



Ratigun
I like video games

join:2004-07-19
AMD ATI

Here you go. Thanks for your patience! Long gaps because of work!

2012-04-05 07:37:40 Sophos Virus Removal Tool version 2.0
2012-04-05 07:37:40 Copyright (c) 2009-2012 Sophos Limited. All rights reserved.

2012-04-05 07:37:40 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2012-04-05 07:37:40 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64
2012-04-05 07:37:40 Component SVRTcli.exe version 2.0
2012-04-05 07:37:40 Component control.dll version 2.0
2012-04-05 07:37:40 Component SVRTservice.exe version 2.0
2012-04-05 07:37:40 Component osdp.dll version 1.44.0.1951
2012-04-05 07:37:40 Component veex.dll version 3.30.0.1951
2012-04-05 07:37:40 Component savi.dll version 7.5.6.1951
2012-04-05 07:37:41 Component rkdisk.dll version 1.5.26.0
2012-04-05 07:37:46 Option all = no
2012-04-05 07:37:46 Option recurse = yes
2012-04-05 07:37:46 Option archive = no
2012-04-05 07:37:46 Option service = yes
2012-04-05 07:37:46 Option confirm = yes
2012-04-05 07:37:46 Option sxl = yes
2012-04-05 07:37:46 Option max-data-age = 35
2012-04-05 07:37:46 Version info: Product version 2.0
2012-04-05 07:37:46 Version info: Detection engine 3.30.0
2012-04-05 07:37:46 Version info: Detection data 4.76
2012-04-05 07:37:46 Version info: Virus data date 4/2/2012
2012-04-05 07:37:46 Version info: Data files added 211

2012-04-05 08:21:56 Could not open C:\Boot\BCD
2012-04-05 08:27:17 Could not open C:\System Volume Information\{09703d21-7e27-11e1-a26d-000129a48eab}{3808876b-c176-4e48-b7ae-04046e6cc752}
2012-04-05 08:27:17 Could not open C:\System Volume Information\{0a933664-7ba7-11e1-bf0f-000129a48eab}{3808876b-c176-4e48-b7ae-04046e6cc752}
2012-04-05 08:27:17 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2012-04-05 08:27:17 Could not open C:\System Volume Information\{525de8df-7f2c-11e1-9f1d-000129a48eab}{3808876b-c176-4e48-b7ae-04046e6cc752}
2012-04-05 08:27:24 >>> Virus 'Mal/EncPk-ADV' found in file C:\Users\GunstarPrime\AppData\Local\SecuROM\bwjgypzh.dll
2012-04-05 08:27:24 >>> Virus 'Mal/EncPk-ADV' found in file HKU\S-1-5-21-2553418985-2079685449-805557627-1001\Software\Microsoft\Windows\CurrentVersion\Run\SecuROM
2012-04-05 08:27:53 >>> Virus 'Mal/Generic-S' found in file C:\Users\GunstarPrime\Downloads\winlauncherxp-setup\setup.exe
2012-04-05 08:31:04 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2012-04-05 08:31:04 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2012-04-05 08:42:35 The following items will be cleaned up:
2012-04-05 08:42:35 Mal/EncPk-ADV
2012-04-05 08:42:35 Mal/Generic-S
2012-04-05 09:03:16 Process "C:\Windows\SysWOW64\rundll32.exe:pid:00000ab4" belongs to malware 'Mal/EncPk-ADV'.
2012-04-05 09:03:16 Process "C:\Windows\SysWOW64\rundll32.exe:pid:00000ab4" has been cleaned up.
2012-04-05 09:03:16 Process "C:\Windows\SysWOW64\Ctxfihlp.exe:pid:00000b30" belongs to malware 'Mal/EncPk-ADV'.
2012-04-05 09:03:16 Process "C:\Windows\SysWOW64\Ctxfihlp.exe:pid:00000b30" has been cleaned up.
2012-04-05 09:03:16 Process "C:\Program Files (x86)\Internet Explorer\iexplore.exe:pid:00000b38" belongs to malware 'Mal/EncPk-ADV'.
2012-04-05 09:03:16 Process "C:\Program Files (x86)\Internet Explorer\iexplore.exe:pid:00000b38" has been cleaned up.
2012-04-05 09:03:16 Process "C:\Windows\SysWOW64\CTxfispi.exe:pid:00000ad8" belongs to malware 'Mal/EncPk-ADV'.
2012-04-05 09:03:16 Process "C:\Windows\SysWOW64\CTxfispi.exe:pid:00000ad8" was not cleaned up.
2012-04-05 09:03:16 Registry value "HKU\S-1-5-21-2553418985-2079685449-805557627-1001\Software\Microsoft\Windows\CurrentVersion\Run\SecuROM" belongs to malware 'Mal/EncPk-ADV'.
2012-04-05 09:03:16 Registry value "HKU\S-1-5-21-2553418985-2079685449-805557627-1001\Software\Microsoft\Windows\CurrentVersion\Run\SecuROM" has been cleaned up.
2012-04-05 09:03:16 File "C:\Users\GunstarPrime\AppData\Local\SecuROM\bwjgypzh.dll" belongs to malware 'Mal/EncPk-ADV'.
2012-04-05 09:03:16 File "C:\Users\GunstarPrime\AppData\Local\SecuROM\bwjgypzh.dll" was not cleaned up.
2012-04-05 09:03:16 Removal failed
2012-04-05 09:03:16 >>> Virus 'Mal/Generic-S' found in file C:\Users\GunstarPrime\Downloads\winlauncherxp-setup\setup.exe
2012-04-05 09:03:16 Disinfection failed

2012-04-05 09:03:58 Scan completed.
2012-04-05 09:03:58

------------------------------------------------------------

2012-04-05 09:04:11 Sophos Virus Removal Tool version 2.0
2012-04-05 09:04:11 Copyright (c) 2009-2012 Sophos Limited. All rights reserved.

2012-04-05 09:04:11 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2012-04-05 09:04:11 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64
2012-04-05 09:04:11 Component SVRTcli.exe version 2.0
2012-04-05 09:04:11 Component control.dll version 2.0
2012-04-05 09:04:11 Component SVRTservice.exe version 2.0
2012-04-05 09:04:11 Component osdp.dll version 1.44.0.1951
2012-04-05 09:04:11 Component veex.dll version 3.30.0.1951
2012-04-05 09:04:11 Component savi.dll version 7.5.6.1951
2012-04-05 09:04:11 Component rkdisk.dll version 1.5.26.0
2012-04-05 09:04:17 Option all = no
2012-04-05 09:04:17 Option recurse = yes
2012-04-05 09:04:17 Option archive = no
2012-04-05 09:04:17 Option service = yes
2012-04-05 09:04:17 Option confirm = yes
2012-04-05 09:04:17 Option sxl = yes
2012-04-05 09:04:17 Option max-data-age = 35
2012-04-05 09:04:17 Version info: Product version 2.0
2012-04-05 09:04:17 Version info: Detection engine 3.30.0
2012-04-05 09:04:17 Version info: Detection data 4.76
2012-04-05 09:04:17 Version info: Virus data date 4/2/2012
2012-04-05 09:04:17 Version info: Data files added 211

2012-04-05 09:04:42 Scan completed.
2012-04-05 09:04:42

------------------------------------------------------------

2012-04-09 17:09:36 Sophos Virus Removal Tool version 2.0
2012-04-09 17:09:36 Copyright (c) 2009-2012 Sophos Limited. All rights reserved.

2012-04-09 17:09:36 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2012-04-09 17:09:36 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64
2012-04-09 17:09:36 Component SVRTcli.exe version 2.0
2012-04-09 17:09:36 Component control.dll version 2.0
2012-04-09 17:09:36 Component SVRTservice.exe version 2.0
2012-04-09 17:09:36 Component osdp.dll version 1.44.0.1951
2012-04-09 17:09:36 Component veex.dll version 3.30.0.1951
2012-04-09 17:09:36 Component savi.dll version 7.5.6.1951
2012-04-09 17:09:36 Component rkdisk.dll version 1.5.26.0

2012-04-09 17:09:38 Scan completed.
2012-04-09 17:09:38

------------------------------------------------------------

2013-05-20 23:24:37 Sophos Virus Removal Tool version 2.3
2013-05-20 23:24:37 Copyright (c) 2009-2012 Sophos Limited. All rights reserved.

2013-05-20 23:24:37 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2013-05-20 23:24:37 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64
2013-05-20 23:24:37 Checking for updates...
2013-05-20 23:24:44 Update progress: proxy server not available
2013-05-20 23:24:46 Option all = no
2013-05-20 23:24:46 Option recurse = yes
2013-05-20 23:24:46 Option archive = no
2013-05-20 23:24:46 Option service = yes
2013-05-20 23:24:46 Option confirm = yes
2013-05-20 23:24:46 Option sxl = yes
2013-05-20 23:24:46 Option max-data-age = 35
2013-05-20 23:24:46 Component SVRTcli.exe version 2.3
2013-05-20 23:24:46 Component control.dll version 2.3
2013-05-20 23:24:46 Component SVRTservice.exe version 2.3
2013-05-20 23:24:46 Component engine\osdp.dll version 1.44.0.2080
2013-05-20 23:24:46 Component engine\veex.dll version 3.43.0.2080
2013-05-20 23:24:46 Component engine\savi.dll version 7.5.11.2080
2013-05-20 23:24:46 Component rkdisk.dll version 1.5.30.0
2013-05-20 23:24:46 Version info: Product version 2.3
2013-05-20 23:24:46 Version info: Detection engine 3.43.0
2013-05-20 23:24:46 Version info: Detection data 4.89
2013-05-20 23:24:46 Version info: Build date 5/8/2013
2013-05-20 23:24:46 Version info: Data files added 313
2013-05-20 23:24:46 Version info: Last successful update (not yet updated)
2013-05-20 23:28:50 Sophos Virus Removal Tool version 2.3
2013-05-20 23:28:50 Copyright (c) 2009-2012 Sophos Limited. All rights reserved.

2013-05-20 23:28:50 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2013-05-20 23:28:50 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64
2013-05-20 23:28:50 Checking for updates...
2013-05-20 23:28:53 Update progress: proxy server not available
2013-05-20 23:28:54 Option all = no
2013-05-20 23:28:54 Option recurse = yes
2013-05-20 23:28:54 Option archive = no
2013-05-20 23:28:54 Option service = yes
2013-05-20 23:28:54 Option confirm = yes
2013-05-20 23:28:54 Option sxl = yes
2013-05-20 23:28:54 Option max-data-age = 35
2013-05-20 23:28:54 Component SVRTcli.exe version 2.3
2013-05-20 23:28:54 Component control.dll version 2.3
2013-05-20 23:28:54 Component SVRTservice.exe version 2.3
2013-05-20 23:28:54 Component engine\osdp.dll version 1.44.0.2080
2013-05-20 23:28:54 Component engine\veex.dll version 3.43.0.2080
2013-05-20 23:28:54 Component engine\savi.dll version 7.5.11.2080
2013-05-20 23:28:54 Component rkdisk.dll version 1.5.30.0
2013-05-20 23:28:54 Version info: Product version 2.3
2013-05-20 23:28:54 Version info: Detection engine 3.43.0
2013-05-20 23:28:54 Version info: Detection data 4.89
2013-05-20 23:28:54 Version info: Build date 5/8/2013
2013-05-20 23:28:54 Version info: Data files added 313
2013-05-20 23:28:54 Version info: Last successful update (not yet updated)
2013-05-20 23:28:57 Downloading updates...
2013-05-20 23:28:57 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2013-05-20 23:28:57 Update progress: [I49502] Found supplement SAVIW32 LATEST 4
2013-05-20 23:28:57 Update progress: [I49502] Found supplement IDE490 LATEST
2013-05-20 23:28:57 Update progress: [I49502] Found supplement IDE491 LATEST
2013-05-20 23:28:57 Update progress: [I49502] Found supplement IDE492 LATEST
2013-05-20 23:28:57 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2013-05-20 23:28:57 Update progress: [I19463] Syncing product SAVIW32 27
2013-05-20 23:28:59 Update progress: [I19463] Syncing product IDE490 182
2013-05-20 23:28:59 Installing updates...
2013-05-20 23:28:59 Update progress: [I19463] Syncing product IDE491 136
2013-05-20 23:28:59 Update progress: [I19463] Syncing product IDE492 1
2013-05-20 23:29:02 Update successful
2013-05-20 23:29:08 Option all = no
2013-05-20 23:29:08 Option recurse = yes
2013-05-20 23:29:08 Option archive = no
2013-05-20 23:29:08 Option service = yes
2013-05-20 23:29:08 Option confirm = yes
2013-05-20 23:29:08 Option sxl = yes
2013-05-20 23:29:08 Option max-data-age = 35
2013-05-20 23:29:08 Component SVRTcli.exe version 2.3
2013-05-20 23:29:08 Component control.dll version 2.3
2013-05-20 23:29:08 Component SVRTservice.exe version 2.3
2013-05-20 23:29:08 Component engine\osdp.dll version 1.44.0.2080
2013-05-20 23:29:08 Component engine\veex.dll version 3.43.0.2080
2013-05-20 23:29:08 Component engine\savi.dll version 7.5.11.2080
2013-05-20 23:29:08 Component rkdisk.dll version 1.5.30.0
2013-05-20 23:29:08 Version info: Product version 2.3
2013-05-20 23:29:08 Version info: Detection engine 3.43.0
2013-05-20 23:29:08 Version info: Detection data 4.89G
2013-05-20 23:29:08 Version info: Build date 5/8/2013
2013-05-20 23:29:08 Version info: Data files added 313
2013-05-20 23:29:08 Version info: Last successful update 5/20/2013 11:29:02 PM

2013-05-20 23:36:49 Could not open C:\Boot\BCD
2013-05-20 23:46:54 Could not open C:\System Volume Information\{34e4d673-c089-11e2-beb9-000129a48eab}{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-05-20 23:46:54 Could not open C:\System Volume Information\{34e4d6ac-c089-11e2-beb9-000129a48eab}{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-05-20 23:46:54 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-05-20 23:46:54 Could not open C:\System Volume Information\{93b6672f-c1d3-11e2-871a-000129a48eab}{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-05-20 23:46:54 Could not open C:\System Volume Information\{a677eba2-bc69-11e2-9aa2-000129a48eab}{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-05-20 23:52:37 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2013-05-20 23:52:37 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb


TheJoker
Premium,VIP,MVM
join:2001-04-26
Charlottesville, VA
kudos:5

Thought I had replied last night. I see that one of the files that was disinfected was Internet Explorer. Can you now download files successfully without getting a warning from your antivirus that they are infected?
--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010



Ratigun
I like video games

join:2004-07-19
AMD ATI

Nope, IE still fubar.



TheJoker
Premium,VIP,MVM
join:2001-04-26
Charlottesville, VA
kudos:5

1 recommendation

Let's try a different rescue disk (bootable disc to scan from). You will need to prepare the disc on a clean, uninfected system. The instructions may have changed a bit since these were written.

Download The Avira AntiVir Rescue System from:
»www.avira.com/en/support-downloa···e-system

- Choose the .exe version. It includes a disc burning system so there's no need to download anything to burn the CD/DVD with.
- Just double-click on the rescue system package to burn it to a CD/DVD.
- Then please use that CD/DVD with Avira Rescue System to boot your computer.
- At the boot option please press the number 1 on your keyboard to 1 Boot AntiVir Rescue System (default) and press Enter or just wait.
- You will then see the graphical interface of Rescue CD loading modules and mounting devices. The default language is German, but you can change it to English anytime by clicking on the English flag on the lower-left side of the screen.
- Under Configuration, please select Scan all files, Try to repair infected files and Rename files if they cannot be removed.
- Then scan your system and clean anything found.
- When finished, restart your system.

How is the system running now?
--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010



Ratigun
I like video games

join:2004-07-19
AMD ATI

Did what you said, pressed 1 (default) and hit enter. ISOLINUX started loading and then hangs on the "loading kernel" message. Cannot get any further.



TheJoker
Premium,VIP,MVM
join:2001-04-26
Charlottesville, VA
kudos:5

1 recommendation

Please download the Kaspersky Virus Removal Tool from here to your Desktop.
Double-click the Removal Tool.
Click the cog in the upper right corner.
Select down to and including your main drive.
Once done please select the Automatic Scan tab and press Start Scan.
Allow AVP to delete all infections found.
Once it has finished select the Report tab.
Select the Detected threats report from the left and press the Save button.
Save it to your Desktop and post the contents in your next reply.

I'd like to see a scan from an updated copy of Malwarebytes Anti-Rootkit.
Delete your current copy of MBAR.
Please download Malwarebytes Anti-Rootkit here.

Unzip the contents to a folder on the Desktop.
- Open the folder where the contents were unzipped and run mbar.exe (right-click and select Run as administrator for Vista and Windows 7).
- Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
- Click on the Cleanup button to remove any threats and reboot if prompted to do so.
- Wait while the system shuts down and the cleanup process is performed.
- Please post the two logs produced.

Please note: This tool is still in BETA mode, so please ensure you have backed up any important files.

Please post the two logs from MBAR, the log from the Kaspersky Virus Removal Tool, and note any errors encountered. Does your problem continue?
--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010



Ratigun
I like video games

join:2004-07-19
AMD ATI

Installed KVRT fine and let it run, it went for 3-4 hours and I had to sleep, so I let it run overnight and my PC blue screened.

Running it again.


Ratigun
I like video games

join:2004-07-19
AMD ATI

KVRT completed the requested scan and didn't find any threats, so there was no detected malware report to view or save.

Same issue as before with MBAR, unzip and there is nothing in the unzipped folder.



TheJoker
Premium,VIP,MVM
join:2001-04-26
Charlottesville, VA
kudos:5

1 recommendation

A possible cause of the BSOD you had is memory corruption. Are you overclocking your system, or overclocking the memory? If so, I would set the timings back to the default.

You also have a Windows problem, that's the "SideBySide" errors in the error log portion of your OTL Extras logfile. You can read about that here:
»en.wikipedia.org/wiki/Side-by-si···314.aspx

That would take more expert Windows assistance, possibly in the »Microsoft forum here.

Please go to VirusTotal and submit the following file for a scan and post the detection results (I don't need the "additional information") in your next reply:
C:\Users\GunstarPrime\AppData\Roaming\75fc973e-1eb9-496f-a967-93ad3a56bc6bad\fceebfaadabcbad.exe

For now, I would also uninstall Java completely.
Please go to Start > Control Panel > Programs and Features, and uninstall the following programs:
Java(TM) 7
Java(TM) 6 Update 24


Then delete the following folder if still there:
C:\Users\GunstarPrime\AppData\LocalLow\Sun

Then I would run another scan with Sophos Virus Removal Tool. Start the program, allow it to update, and run another scan and post the results.

Can you now download with Internet Explorer without an infected file warning from your antivirus?
--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010


Ratigun
I like video games

join:2004-07-19
AMD ATI

1 edit

The folder C:\Users\GunstarPrime\AppData\Roaming\75fc973e-1eb9-496f-a967-93ad3a56bc6bad is empty, and does not contain fceebfaadabcbad.exe.

Deleted all java and the Sun folder as requested.

SVRT log:

2012-04-05 07:37:40 Sophos Virus Removal Tool version 2.0
2012-04-05 07:37:40 Copyright (c) 2009-2012 Sophos Limited. All rights reserved.

2012-04-05 07:37:40 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2012-04-05 07:37:40 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64
2012-04-05 07:37:40 Component SVRTcli.exe version 2.0
2012-04-05 07:37:40 Component control.dll version 2.0
2012-04-05 07:37:40 Component SVRTservice.exe version 2.0
2012-04-05 07:37:40 Component osdp.dll version 1.44.0.1951
2012-04-05 07:37:40 Component veex.dll version 3.30.0.1951
2012-04-05 07:37:40 Component savi.dll version 7.5.6.1951
2012-04-05 07:37:41 Component rkdisk.dll version 1.5.26.0
2012-04-05 07:37:46 Option all = no
2012-04-05 07:37:46 Option recurse = yes
2012-04-05 07:37:46 Option archive = no
2012-04-05 07:37:46 Option service = yes
2012-04-05 07:37:46 Option confirm = yes
2012-04-05 07:37:46 Option sxl = yes
2012-04-05 07:37:46 Option max-data-age = 35
2012-04-05 07:37:46 Version info: Product version 2.0
2012-04-05 07:37:46 Version info: Detection engine 3.30.0
2012-04-05 07:37:46 Version info: Detection data 4.76
2012-04-05 07:37:46 Version info: Virus data date 4/2/2012
2012-04-05 07:37:46 Version info: Data files added 211

2012-04-05 08:21:56 Could not open C:\Boot\BCD
2012-04-05 08:27:17 Could not open C:\System Volume Information\{09703d21-7e27-11e1-a26d-000129a48eab}{3808876b-c176-4e48-b7ae-04046e6cc752}
2012-04-05 08:27:17 Could not open C:\System Volume Information\{0a933664-7ba7-11e1-bf0f-000129a48eab}{3808876b-c176-4e48-b7ae-04046e6cc752}
2012-04-05 08:27:17 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2012-04-05 08:27:17 Could not open C:\System Volume Information\{525de8df-7f2c-11e1-9f1d-000129a48eab}{3808876b-c176-4e48-b7ae-04046e6cc752}
2012-04-05 08:27:24 >>> Virus 'Mal/EncPk-ADV' found in file C:\Users\GunstarPrime\AppData\Local\SecuROM\bwjgypzh.dll
2012-04-05 08:27:24 >>> Virus 'Mal/EncPk-ADV' found in file HKU\S-1-5-21-2553418985-2079685449-805557627-1001\Software\Microsoft\Windows\CurrentVersion\Run\SecuROM
2012-04-05 08:27:53 >>> Virus 'Mal/Generic-S' found in file C:\Users\GunstarPrime\Downloads\winlauncherxp-setup\setup.exe
2012-04-05 08:31:04 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2012-04-05 08:31:04 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2012-04-05 08:42:35 The following items will be cleaned up:
2012-04-05 08:42:35 Mal/EncPk-ADV
2012-04-05 08:42:35 Mal/Generic-S
2012-04-05 09:03:16 Process "C:\Windows\SysWOW64\rundll32.exe:pid:00000ab4" belongs to malware 'Mal/EncPk-ADV'.
2012-04-05 09:03:16 Process "C:\Windows\SysWOW64\rundll32.exe:pid:00000ab4" has been cleaned up.
2012-04-05 09:03:16 Process "C:\Windows\SysWOW64\Ctxfihlp.exe:pid:00000b30" belongs to malware 'Mal/EncPk-ADV'.
2012-04-05 09:03:16 Process "C:\Windows\SysWOW64\Ctxfihlp.exe:pid:00000b30" has been cleaned up.
2012-04-05 09:03:16 Process "C:\Program Files (x86)\Internet Explorer\iexplore.exe:pid:00000b38" belongs to malware 'Mal/EncPk-ADV'.
2012-04-05 09:03:16 Process "C:\Program Files (x86)\Internet Explorer\iexplore.exe:pid:00000b38" has been cleaned up.
2012-04-05 09:03:16 Process "C:\Windows\SysWOW64\CTxfispi.exe:pid:00000ad8" belongs to malware 'Mal/EncPk-ADV'.
2012-04-05 09:03:16 Process "C:\Windows\SysWOW64\CTxfispi.exe:pid:00000ad8" was not cleaned up.
2012-04-05 09:03:16 Registry value "HKU\S-1-5-21-2553418985-2079685449-805557627-1001\Software\Microsoft\Windows\CurrentVersion\Run\SecuROM" belongs to malware 'Mal/EncPk-ADV'.
2012-04-05 09:03:16 Registry value "HKU\S-1-5-21-2553418985-2079685449-805557627-1001\Software\Microsoft\Windows\CurrentVersion\Run\SecuROM" has been cleaned up.
2012-04-05 09:03:16 File "C:\Users\GunstarPrime\AppData\Local\SecuROM\bwjgypzh.dll" belongs to malware 'Mal/EncPk-ADV'.
2012-04-05 09:03:16 File "C:\Users\GunstarPrime\AppData\Local\SecuROM\bwjgypzh.dll" was not cleaned up.
2012-04-05 09:03:16 Removal failed
2012-04-05 09:03:16 >>> Virus 'Mal/Generic-S' found in file C:\Users\GunstarPrime\Downloads\winlauncherxp-setup\setup.exe
2012-04-05 09:03:16 Disinfection failed

2012-04-05 09:03:58 Scan completed.
2012-04-05 09:03:58

------------------------------------------------------------

2012-04-05 09:04:11 Sophos Virus Removal Tool version 2.0
2012-04-05 09:04:11 Copyright (c) 2009-2012 Sophos Limited. All rights reserved.

2012-04-05 09:04:11 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2012-04-05 09:04:11 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64
2012-04-05 09:04:11 Component SVRTcli.exe version 2.0
2012-04-05 09:04:11 Component control.dll version 2.0
2012-04-05 09:04:11 Component SVRTservice.exe version 2.0
2012-04-05 09:04:11 Component osdp.dll version 1.44.0.1951
2012-04-05 09:04:11 Component veex.dll version 3.30.0.1951
2012-04-05 09:04:11 Component savi.dll version 7.5.6.1951
2012-04-05 09:04:11 Component rkdisk.dll version 1.5.26.0
2012-04-05 09:04:17 Option all = no
2012-04-05 09:04:17 Option recurse = yes
2012-04-05 09:04:17 Option archive = no
2012-04-05 09:04:17 Option service = yes
2012-04-05 09:04:17 Option confirm = yes
2012-04-05 09:04:17 Option sxl = yes
2012-04-05 09:04:17 Option max-data-age = 35
2012-04-05 09:04:17 Version info: Product version 2.0
2012-04-05 09:04:17 Version info: Detection engine 3.30.0
2012-04-05 09:04:17 Version info: Detection data 4.76
2012-04-05 09:04:17 Version info: Virus data date 4/2/2012
2012-04-05 09:04:17 Version info: Data files added 211

2012-04-05 09:04:42 Scan completed.
2012-04-05 09:04:42

------------------------------------------------------------

2012-04-09 17:09:36 Sophos Virus Removal Tool version 2.0
2012-04-09 17:09:36 Copyright (c) 2009-2012 Sophos Limited. All rights reserved.

2012-04-09 17:09:36 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2012-04-09 17:09:36 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64
2012-04-09 17:09:36 Component SVRTcli.exe version 2.0
2012-04-09 17:09:36 Component control.dll version 2.0
2012-04-09 17:09:36 Component SVRTservice.exe version 2.0
2012-04-09 17:09:36 Component osdp.dll version 1.44.0.1951
2012-04-09 17:09:36 Component veex.dll version 3.30.0.1951
2012-04-09 17:09:36 Component savi.dll version 7.5.6.1951
2012-04-09 17:09:36 Component rkdisk.dll version 1.5.26.0

2012-04-09 17:09:38 Scan completed.
2012-04-09 17:09:38

------------------------------------------------------------

2013-05-20 23:24:37 Sophos Virus Removal Tool version 2.3
2013-05-20 23:24:37 Copyright (c) 2009-2012 Sophos Limited. All rights reserved.

2013-05-20 23:24:37 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2013-05-20 23:24:37 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64
2013-05-20 23:24:37 Checking for updates...
2013-05-20 23:24:44 Update progress: proxy server not available
2013-05-20 23:24:46 Option all = no
2013-05-20 23:24:46 Option recurse = yes
2013-05-20 23:24:46 Option archive = no
2013-05-20 23:24:46 Option service = yes
2013-05-20 23:24:46 Option confirm = yes
2013-05-20 23:24:46 Option sxl = yes
2013-05-20 23:24:46 Option max-data-age = 35
2013-05-20 23:24:46 Component SVRTcli.exe version 2.3
2013-05-20 23:24:46 Component control.dll version 2.3
2013-05-20 23:24:46 Component SVRTservice.exe version 2.3
2013-05-20 23:24:46 Component engine\osdp.dll version 1.44.0.2080
2013-05-20 23:24:46 Component engine\veex.dll version 3.43.0.2080
2013-05-20 23:24:46 Component engine\savi.dll version 7.5.11.2080
2013-05-20 23:24:46 Component rkdisk.dll version 1.5.30.0
2013-05-20 23:24:46 Version info: Product version 2.3
2013-05-20 23:24:46 Version info: Detection engine 3.43.0
2013-05-20 23:24:46 Version info: Detection data 4.89
2013-05-20 23:24:46 Version info: Build date 5/8/2013
2013-05-20 23:24:46 Version info: Data files added 313
2013-05-20 23:24:46 Version info: Last successful update (not yet updated)
2013-05-20 23:28:50 Sophos Virus Removal Tool version 2.3
2013-05-20 23:28:50 Copyright (c) 2009-2012 Sophos Limited. All rights reserved.

2013-05-20 23:28:50 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2013-05-20 23:28:50 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64
2013-05-20 23:28:50 Checking for updates...
2013-05-20 23:28:53 Update progress: proxy server not available
2013-05-20 23:28:54 Option all = no
2013-05-20 23:28:54 Option recurse = yes
2013-05-20 23:28:54 Option archive = no
2013-05-20 23:28:54 Option service = yes
2013-05-20 23:28:54 Option confirm = yes
2013-05-20 23:28:54 Option sxl = yes
2013-05-20 23:28:54 Option max-data-age = 35
2013-05-20 23:28:54 Component SVRTcli.exe version 2.3
2013-05-20 23:28:54 Component control.dll version 2.3
2013-05-20 23:28:54 Component SVRTservice.exe version 2.3
2013-05-20 23:28:54 Component engine\osdp.dll version 1.44.0.2080
2013-05-20 23:28:54 Component engine\veex.dll version 3.43.0.2080
2013-05-20 23:28:54 Component engine\savi.dll version 7.5.11.2080
2013-05-20 23:28:54 Component rkdisk.dll version 1.5.30.0
2013-05-20 23:28:54 Version info: Product version 2.3
2013-05-20 23:28:54 Version info: Detection engine 3.43.0
2013-05-20 23:28:54 Version info: Detection data 4.89
2013-05-20 23:28:54 Version info: Build date 5/8/2013
2013-05-20 23:28:54 Version info: Data files added 313
2013-05-20 23:28:54 Version info: Last successful update (not yet updated)
2013-05-20 23:28:57 Downloading updates...
2013-05-20 23:28:57 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2013-05-20 23:28:57 Update progress: [I49502] Found supplement SAVIW32 LATEST 4
2013-05-20 23:28:57 Update progress: [I49502] Found supplement IDE490 LATEST
2013-05-20 23:28:57 Update progress: [I49502] Found supplement IDE491 LATEST
2013-05-20 23:28:57 Update progress: [I49502] Found supplement IDE492 LATEST
2013-05-20 23:28:57 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2013-05-20 23:28:57 Update progress: [I19463] Syncing product SAVIW32 27
2013-05-20 23:28:59 Update progress: [I19463] Syncing product IDE490 182
2013-05-20 23:28:59 Installing updates...
2013-05-20 23:28:59 Update progress: [I19463] Syncing product IDE491 136
2013-05-20 23:28:59 Update progress: [I19463] Syncing product IDE492 1
2013-05-20 23:29:02 Update successful
2013-05-20 23:29:08 Option all = no
2013-05-20 23:29:08 Option recurse = yes
2013-05-20 23:29:08 Option archive = no
2013-05-20 23:29:08 Option service = yes
2013-05-20 23:29:08 Option confirm = yes
2013-05-20 23:29:08 Option sxl = yes
2013-05-20 23:29:08 Option max-data-age = 35
2013-05-20 23:29:08 Component SVRTcli.exe version 2.3
2013-05-20 23:29:08 Component control.dll version 2.3
2013-05-20 23:29:08 Component SVRTservice.exe version 2.3
2013-05-20 23:29:08 Component engine\osdp.dll version 1.44.0.2080
2013-05-20 23:29:08 Component engine\veex.dll version 3.43.0.2080
2013-05-20 23:29:08 Component engine\savi.dll version 7.5.11.2080
2013-05-20 23:29:08 Component rkdisk.dll version 1.5.30.0
2013-05-20 23:29:08 Version info: Product version 2.3
2013-05-20 23:29:08 Version info: Detection engine 3.43.0
2013-05-20 23:29:08 Version info: Detection data 4.89G
2013-05-20 23:29:08 Version info: Build date 5/8/2013
2013-05-20 23:29:08 Version info: Data files added 313
2013-05-20 23:29:08 Version info: Last successful update 5/20/2013 11:29:02 PM

2013-05-20 23:36:49 Could not open C:\Boot\BCD
2013-05-20 23:46:54 Could not open C:\System Volume Information\{34e4d673-c089-11e2-beb9-000129a48eab}{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-05-20 23:46:54 Could not open C:\System Volume Information\{34e4d6ac-c089-11e2-beb9-000129a48eab}{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-05-20 23:46:54 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-05-20 23:46:54 Could not open C:\System Volume Information\{93b6672f-c1d3-11e2-871a-000129a48eab}{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-05-20 23:46:54 Could not open C:\System Volume Information\{a677eba2-bc69-11e2-9aa2-000129a48eab}{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-05-20 23:52:37 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2013-05-20 23:52:37 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb

2013-05-21 00:20:19 Scan completed.
2013-05-21 00:20:19

------------------------------------------------------------

2013-05-27 22:12:52 Sophos Virus Removal Tool version 2.3
2013-05-27 22:12:52 Copyright (c) 2009-2012 Sophos Limited. All rights reserved.

2013-05-27 22:12:52 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2013-05-27 22:12:52 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64
2013-05-27 22:12:52 Checking for updates...
2013-05-27 22:12:55 Update progress: proxy server not available
2013-05-27 22:13:07 Option all = no
2013-05-27 22:13:07 Option recurse = yes
2013-05-27 22:13:07 Option archive = no
2013-05-27 22:13:07 Option service = yes
2013-05-27 22:13:07 Option confirm = yes
2013-05-27 22:13:07 Option sxl = yes
2013-05-27 22:13:07 Option max-data-age = 35
2013-05-27 22:13:07 Component SVRTcli.exe version 2.3
2013-05-27 22:13:07 Component control.dll version 2.3
2013-05-27 22:13:07 Component SVRTservice.exe version 2.3
2013-05-27 22:13:07 Component engine\osdp.dll version 1.44.0.2080
2013-05-27 22:13:07 Component engine\veex.dll version 3.43.0.2080
2013-05-27 22:13:07 Component engine\savi.dll version 7.5.11.2080
2013-05-27 22:13:07 Component rkdisk.dll version 1.5.30.0
2013-05-27 22:13:07 Version info: Product version 2.3
2013-05-27 22:13:07 Version info: Detection engine 3.43.0
2013-05-27 22:13:07 Version info: Detection data 4.89G
2013-05-27 22:13:07 Version info: Build date 5/8/2013
2013-05-27 22:13:07 Version info: Data files added 313
2013-05-27 22:13:07 Version info: Last successful update 5/20/2013 11:29:02 PM
2013-05-27 22:13:22 Downloading updates...
2013-05-27 22:13:22 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2013-05-27 22:13:22 Update progress: [I49502] Found supplement SAVIW32 LATEST 4
2013-05-27 22:13:22 Update progress: [I49502] Found supplement IDE490 LATEST
2013-05-27 22:13:22 Update progress: [I49502] Found supplement IDE491 LATEST
2013-05-27 22:13:22 Update progress: [I49502] Found supplement IDE492 LATEST
2013-05-27 22:13:22 Update progress: [I49502] Found supplement IDE493 LATEST
2013-05-27 22:13:22 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2013-05-27 22:13:22 Update progress: [I19463] Syncing product SAVIW32 27
2013-05-27 22:13:22 Update progress: [I19463] Syncing product IDE490 182
2013-05-27 22:13:22 Update progress: [I19463] Syncing product IDE491 179
2013-05-27 22:13:28 Installing updates...
2013-05-27 22:13:28 Update progress: [I19463] Syncing product IDE492 1
2013-05-27 22:13:28 Update progress: [I19463] Syncing product IDE493 1
2013-05-27 22:13:28 Update successful
2013-05-27 22:13:33 Option all = no
2013-05-27 22:13:33 Option recurse = yes
2013-05-27 22:13:33 Option archive = no
2013-05-27 22:13:33 Option service = yes
2013-05-27 22:13:33 Option confirm = yes
2013-05-27 22:13:33 Option sxl = yes
2013-05-27 22:13:33 Option max-data-age = 35
2013-05-27 22:13:33 Component SVRTcli.exe version 2.3
2013-05-27 22:13:33 Component control.dll version 2.3
2013-05-27 22:13:33 Component SVRTservice.exe version 2.3
2013-05-27 22:13:33 Component engine\osdp.dll version 1.44.0.2080
2013-05-27 22:13:33 Component engine\veex.dll version 3.43.0.2080
2013-05-27 22:13:33 Component engine\savi.dll version 7.5.11.2080
2013-05-27 22:13:33 Component rkdisk.dll version 1.5.30.0
2013-05-27 22:13:33 Version info: Product version 2.3
2013-05-27 22:13:33 Version info: Detection engine 3.43.0
2013-05-27 22:13:33 Version info: Detection data 4.89G
2013-05-27 22:13:33 Version info: Build date 5/8/2013
2013-05-27 22:13:33 Version info: Data files added 356
2013-05-27 22:13:33 Version info: Last successful update 5/27/2013 10:13:28 PM

2013-05-27 22:20:48 Could not open C:\Boot\BCD
2013-05-27 22:30:00 Could not open C:\System Volume Information\{34e4d673-c089-11e2-beb9-000129a48eab}{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-05-27 22:30:00 Could not open C:\System Volume Information\{34e4d6ac-c089-11e2-beb9-000129a48eab}{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-05-27 22:30:00 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-05-27 22:30:00 Could not open C:\System Volume Information\{93b6672f-c1d3-11e2-871a-000129a48eab}{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-05-27 22:30:00 Could not open C:\System Volume Information\{a677eba2-bc69-11e2-9aa2-000129a48eab}{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-05-27 22:35:23 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2013-05-27 22:35:23 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb

2013-05-27 23:21:31 Scan completed.
2013-05-27 23:21:31

------------------------------------------------------------

2013-06-03 01:39:55 Sophos Virus Removal Tool version 2.3
2013-06-03 01:39:55 Copyright (c) 2009-2012 Sophos Limited. All rights reserved.

2013-06-03 01:39:55 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2013-06-03 01:39:55 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64
2013-06-03 01:39:55 Checking for updates...
2013-06-03 01:39:58 Update progress: proxy server not available
2013-06-03 01:40:05 Option all = no
2013-06-03 01:40:05 Option recurse = yes
2013-06-03 01:40:05 Option archive = no
2013-06-03 01:40:05 Option service = yes
2013-06-03 01:40:05 Option confirm = yes
2013-06-03 01:40:05 Option sxl = yes
2013-06-03 01:40:05 Option max-data-age = 35
2013-06-03 01:40:05 Component SVRTcli.exe version 2.3
2013-06-03 01:40:05 Component control.dll version 2.3
2013-06-03 01:40:05 Component SVRTservice.exe version 2.3
2013-06-03 01:40:05 Component engine\osdp.dll version 1.44.0.2080
2013-06-03 01:40:05 Component engine\veex.dll version 3.43.0.2080
2013-06-03 01:40:05 Component engine\savi.dll version 7.5.11.2080
2013-06-03 01:40:06 Component rkdisk.dll version 1.5.30.0
2013-06-03 01:40:06 Version info: Product version 2.3
2013-06-03 01:40:06 Version info: Detection engine 3.43.0
2013-06-03 01:40:06 Version info: Detection data 4.89G
2013-06-03 01:40:06 Version info: Build date 5/8/2013
2013-06-03 01:40:06 Version info: Data files added 356
2013-06-03 01:40:06 Version info: Last successful update 5/27/2013 10:13:28 PM
2013-06-03 01:40:09 Downloading updates...
2013-06-03 01:40:09 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2013-06-03 01:40:09 Update progress: [I49502] Found supplement SAVIW32 LATEST 4
2013-06-03 01:40:09 Update progress: [I49502] Found supplement IDE490 LATEST
2013-06-03 01:40:09 Update progress: [I49502] Found supplement IDE491 LATEST
2013-06-03 01:40:09 Update progress: [I49502] Found supplement IDE492 LATEST
2013-06-03 01:40:09 Update progress: [I49502] Found supplement IDE493 LATEST
2013-06-03 01:40:09 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2013-06-03 01:40:09 Update progress: [I19463] Syncing product SAVIW32 27
2013-06-03 01:40:09 Update progress: [I19463] Syncing product IDE490 182
2013-06-03 01:40:10 Update progress: [I19463] Syncing product IDE491 181
2013-06-03 01:40:11 Update progress: [I19463] Syncing product IDE492 34
2013-06-03 01:40:16 Installing updates...
2013-06-03 01:40:17 Update progress: [I19463] Syncing product IDE493 1
2013-06-03 01:40:17 Update successful
2013-06-03 01:40:22 Option all = no
2013-06-03 01:40:22 Option recurse = yes
2013-06-03 01:40:22 Option archive = no
2013-06-03 01:40:22 Option service = yes
2013-06-03 01:40:22 Option confirm = yes
2013-06-03 01:40:22 Option sxl = yes
2013-06-03 01:40:22 Option max-data-age = 35
2013-06-03 01:40:22 Component SVRTcli.exe version 2.3
2013-06-03 01:40:22 Component control.dll version 2.3
2013-06-03 01:40:22 Component SVRTservice.exe version 2.3
2013-06-03 01:40:22 Component engine\osdp.dll version 1.44.0.2080
2013-06-03 01:40:22 Component engine\veex.dll version 3.43.0.2080
2013-06-03 01:40:22 Component engine\savi.dll version 7.5.11.2080
2013-06-03 01:40:22 Component rkdisk.dll version 1.5.30.0
2013-06-03 01:40:22 Version info: Product version 2.3
2013-06-03 01:40:22 Version info: Detection engine 3.43.0
2013-06-03 01:40:22 Version info: Detection data 4.89G
2013-06-03 01:40:22 Version info: Build date 5/8/2013
2013-06-03 01:40:22 Version info: Data files added 391
2013-06-03 01:40:22 Version info: Last successful update 6/3/2013 1:40:17 AM

2013-06-03 01:40:34 Scan completed.
2013-06-03 01:40:34

------------------------------------------------------------

2013-06-03 02:46:50 Sophos Virus Removal Tool version 2.3
2013-06-03 02:46:50 Copyright (c) 2009-2012 Sophos Limited. All rights reserved.

2013-06-03 02:46:50 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2013-06-03 02:46:50 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64
2013-06-03 02:46:50 Checking for updates...
2013-06-03 02:46:54 Update progress: proxy server not available
2013-06-03 02:47:02 Update not required
2013-06-03 02:47:05 Option all = no
2013-06-03 02:47:05 Option recurse = yes
2013-06-03 02:47:05 Option archive = no
2013-06-03 02:47:05 Option service = yes
2013-06-03 02:47:05 Option confirm = yes
2013-06-03 02:47:05 Option sxl = yes
2013-06-03 02:47:05 Option max-data-age = 35
2013-06-03 02:47:05 Component SVRTcli.exe version 2.3
2013-06-03 02:47:05 Component control.dll version 2.3
2013-06-03 02:47:05 Component SVRTservice.exe version 2.3
2013-06-03 02:47:05 Component engine\osdp.dll version 1.44.0.2080
2013-06-03 02:47:05 Component engine\veex.dll version 3.43.0.2080
2013-06-03 02:47:05 Component engine\savi.dll version 7.5.11.2080
2013-06-03 02:47:05 Component rkdisk.dll version 1.5.30.0
2013-06-03 02:47:05 Version info: Product version 2.3
2013-06-03 02:47:05 Version info: Detection engine 3.43.0
2013-06-03 02:47:05 Version info: Detection data 4.89G
2013-06-03 02:47:05 Version info: Build date 5/8/2013
2013-06-03 02:47:05 Version info: Data files added 391
2013-06-03 02:47:05 Version info: Last successful update 6/3/2013 1:40:17 AM

2013-06-03 02:55:03 Could not open C:\Boot\BCD
2013-06-03 03:05:03 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-06-03 03:05:03 Could not open C:\System Volume Information\{83ab785d-cc14-11e2-af17-000129a48eab}{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-06-03 03:05:03 Could not open C:\System Volume Information\{83ab7861-cc14-11e2-af17-000129a48eab}{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-06-03 03:05:03 Could not open C:\System Volume Information\{83ab7865-cc14-11e2-af17-000129a48eab}{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-06-03 03:05:03 Could not open C:\System Volume Information\{c0a90df7-c97b-11e2-8300-000129a48eab}{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-06-03 03:10:38 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2013-06-03 03:10:38 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb

2013-06-03 04:18:21 Scan completed.
2013-06-03 04:18:21

------------------------------------------------------------

IE is still fubar.

I appreciate all the help. However, I think it's high time I did a nuke and boot/reinstall of Windows. Is there a FAQ/guide to do it properly? I want to completely zero the drive and delete all partitions. Since I recently had a real nasty bug on my PC, are there special steps I need to take?

Thanks again for the help, but this install has gone on for a while and that ZeroAccess bug really damaged my OS. Maybe a fresh start will help.
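The helper's reading of the SVRT log above (which objects were detected, which were cleaned, which were not, and whether definitions were refreshed before the scan) can be automated. This is an added example for the thread, not the forum's or Sophos' own code; it parses the log format pasted above, and SAMPLE_LOG is constructed in that format with placeholder user and file names.

```python
"""Triage a cumulative Sophos Virus Removal Tool (SVRT) log.

Added example for this thread, not Sophos' tooling. It reads the format
posted above: one version banner per run, '>>> Virus' detection lines,
per-object cleanup verdicts, and update progress lines. SAMPLE_LOG is a
constructed log in that format with placeholder paths.
"""
import re
from dataclasses import dataclass, field

BANNER = re.compile(r"^(\S+ \S+) Sophos Virus Removal Tool version (\S+)$")
FOUND = re.compile(r">>> Virus '([^']+)' found in file (.+)$")
VERDICT = re.compile(
    r'(Process|File|Registry value) "([^"]+)" '
    r"(has been cleaned up|was not cleaned up)\.$"
)
FAILED = re.compile(r"(Removal failed|Disinfection failed)$")
UPDATED = re.compile(r"(Update successful|Update not required)$")


@dataclass
class Session:
    """One scan run: everything from a version banner to the next banner."""
    started: str
    version: str
    definitions_refreshed: bool = False
    detections: dict = field(default_factory=dict)   # object -> threat name
    cleaned: list = field(default_factory=list)
    not_cleaned: list = field(default_factory=list)
    failures: int = 0


def parse_svrt_log(text: str) -> list:
    """Split a cumulative SVRT log into Session records.

    A banner always opens a new session, even when the previous run never
    logged 'Scan completed.' (in the log above the 23:24 run is followed by
    a fresh 23:28 banner without one).
    """
    sessions, cur = [], None
    for line in text.splitlines():
        m = BANNER.match(line)
        if m:
            cur = Session(started=m.group(1), version=m.group(2))
            sessions.append(cur)
            continue
        if cur is None:
            continue                      # text before the first banner
        if UPDATED.search(line):
            cur.definitions_refreshed = True
            continue
        m = FOUND.search(line)
        if m:
            # SVRT re-logs a detection when disinfection fails; keying on
            # the object path keeps one entry per object.
            cur.detections[m.group(2)] = m.group(1)
            continue
        m = VERDICT.search(line)
        if m:
            bucket = cur.cleaned if m.group(3) == "has been cleaned up" else cur.not_cleaned
            bucket.append(m.group(2))
            continue
        if FAILED.search(line):
            cur.failures += 1
    return sessions


def needs_followup(s: Session) -> bool:
    """True when a run leaves something a helper should look at: an object
    SVRT could not clean, an explicit failure, or a scan that ran without
    ever refreshing its definitions."""
    return bool(s.not_cleaned) or s.failures > 0 or not s.definitions_refreshed


# Constructed sample in the page's format (placeholder user/path names).
SAMPLE_LOG = """\
2012-04-05 07:37:40 Sophos Virus Removal Tool version 2.0
2012-04-05 07:37:46 Option all = no
2012-04-05 08:27:24 >>> Virus 'Mal/EncPk-ADV' found in file C:\\Users\\USER\\AppData\\Local\\SecuROM\\example.dll
2012-04-05 08:27:53 >>> Virus 'Mal/Generic-S' found in file C:\\Users\\USER\\Downloads\\setup.exe
2012-04-05 08:42:35 The following items will be cleaned up:
2012-04-05 09:03:16 Process "C:\\Windows\\SysWOW64\\rundll32.exe:pid:00000ab4" belongs to malware 'Mal/EncPk-ADV'.
2012-04-05 09:03:16 Process "C:\\Windows\\SysWOW64\\rundll32.exe:pid:00000ab4" has been cleaned up.
2012-04-05 09:03:16 File "C:\\Users\\USER\\AppData\\Local\\SecuROM\\example.dll" belongs to malware 'Mal/EncPk-ADV'.
2012-04-05 09:03:16 File "C:\\Users\\USER\\AppData\\Local\\SecuROM\\example.dll" was not cleaned up.
2012-04-05 09:03:16 Removal failed
2012-04-05 09:03:16 >>> Virus 'Mal/Generic-S' found in file C:\\Users\\USER\\Downloads\\setup.exe
2012-04-05 09:03:16 Disinfection failed
2012-04-05 09:03:58 Scan completed.
------------------------------------------------------------
2013-05-20 23:24:37 Sophos Virus Removal Tool version 2.3
2013-05-20 23:24:44 Update progress: proxy server not available
2013-05-20 23:28:50 Sophos Virus Removal Tool version 2.3
2013-05-20 23:28:57 Downloading updates...
2013-05-20 23:29:02 Update successful
2013-05-20 23:36:49 Could not open C:\\Boot\\BCD
2013-05-21 00:20:19 Scan completed.
"""


def summarize(text: str = SAMPLE_LOG) -> list:
    """One summary dict per session, oldest first."""
    return [
        {
            "started": s.started,
            "threats": sorted(set(s.detections.values())),
            "cleaned": len(s.cleaned),
            "not_cleaned": len(s.not_cleaned),
            "failures": s.failures,
            "definitions_refreshed": s.definitions_refreshed,
            "needs_followup": needs_followup(s),
        }
        for s in parse_svrt_log(text)
    ]


if __name__ == "__main__":
    for row in summarize():
        print(row)
```

Run against the real SVRT log, the first 2012 session is the one worth a second look: a DLL that was not cleaned up and two explicit failures, while the later 2013 runs report nothing after a successful definition update.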


TheJoker
Premium,VIP,MVM
join:2001-04-26
Charlottesville, VA
kudos:5

1 recommendation

Although no graphics, this is a good set of instructions as it has you reinstalling while disconnected from the Internet, and it has instructions for deleting existing partitions:

»kb.iu.edu/data/bbfm.html

Another option before reinstalling would be to wipe the drive with DBAN:
»www.dban.org/

There is a tutorial on DBAN with graphics here:
»its.yale.edu/how-to/data-removal···dban-226

Make sure you have any required drivers (such as RAID or hard drive controller drivers) and a security program (antivirus and firewall - Windows 7 does have a decent firewall) downloaded via a clean, uninfected system and saved to DVD (the preferred format, as once closed it can't be written to). Some drivers, such as some RAID or hard drive controller drivers, may need to be installed at the beginning of the Windows installation process; if so, you need those available on the disc.

The key is to:
Disconnect from the internet
Delete all the existing data and partitions
Reinstall Windows
Reinstall any required drivers from your DVD
Reinstall your antivirus from your DVD
Reconnect to the Internet (only after reinstalling your antivirus)
Update your antivirus program
Update Windows fully

Only then should you reinstall other programs from their original source DVD or freshly downloaded from a secure source (the author's site is always the best site to download from).

If you backup any data files to DVD before reinstalling, before you reinstall those files, scan the entire disk with your antivirus program and MBAM.
--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010