Kurohana
2012-11-20, 04:02
hello i have ad.xtendmedia and need help removing it. Here is my info
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 10.7.2
Run by KuroShiroitachi at 21:37:26 on 2012-11-19
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2047.566 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Winsent Messenger] "c:\program files\winsent messenger\winsent.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
DPF: {7B19E477-0FF8-11d4-9914-005004D3B3DB} - hxxp://java.sun.com/products/plugin/1.2/jinstall-122_017-win.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/1.2/jinstall-122_017-win.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{377FBCFA-C32A-43B3-A732-97243EA3367C} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{3A01AF04-B6F3-4EC0-AC96-31239CC41400} : DHCPNameServer = 192.168.2.1
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\kuroshiroitachi\appdata\roaming\mozilla\firefox\profiles\mczhr1om.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\users\kuroshiroitachi\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\kuroshiroitachi\appdata\roaming\raidcall\plugins\nprcplugin.dll
FF - plugin: c:\users\kuroshiroitachi\appdata\roaming\rckr\plugins\nprcplugin.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1167637.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-11-13 242240]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-9-27 217600]
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ati technologies\ati.ace\fuel\Fuel.Service.exe [2012-9-28 291840]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-5-14 86656]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2010-7-1 34896]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\drivers\vcsvad.sys [2012-11-13 17792]
R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh6.sys [2012-10-5 1093888]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
.
=============== Created Last 30 ================
.
2012-11-20 02:12:55 6980552 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2012-11-20 02:12:51 6918632 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{499158c3-ad91-453e-ba02-b0d0631bcf91}\mpengine.dll
2012-11-20 01:49:56 -------- d-----w- c:\users\kuroshiroitachi\appdata\local\Avg2013
2012-11-20 00:55:49 -------- d-----w- c:\users\kuroshiroitachi\appdata\roaming\TuneUp Software
2012-11-20 00:45:53 -------- d--h--w- c:\programdata\Common Files
2012-11-20 00:45:53 -------- d-----w- c:\users\kuroshiroitachi\appdata\local\MFAData
2012-11-20 00:45:53 -------- d-----w- c:\programdata\MFAData
2012-11-16 03:00:58 -------- d-----w- c:\users\kuroshiroitachi\appdata\roaming\foobar2000
2012-11-16 03:00:34 -------- d-----w- c:\program files\foobar2000
2012-11-15 00:56:52 -------- d-----w- c:\program files\common files\Macrovision Shared
2012-11-14 03:07:06 -------- d-----w- c:\users\kuroshiroitachi\appdata\roaming\Screaming Bee
2012-11-14 03:04:50 -------- d-----w- c:\programdata\Screaming Bee
2012-11-14 03:04:49 -------- d-----w- c:\program files\Screaming Bee
2012-11-14 02:19:51 -------- d-----w- c:\users\kuroshiroitachi\appdata\roaming\Avnex
2012-11-14 02:19:37 17792 ----a-w- c:\windows\system32\drivers\vcsvad.sys
2012-11-14 02:19:32 -------- d-----w- c:\program files\AV Vcs 7.0 DIAMOND
2012-11-14 01:41:36 -------- d-----w- C:\vcs5BGEffects
2012-11-14 01:41:33 -------- d-----w- C:\vcs5core
2012-11-14 01:41:33 -------- d-----w- C:\AV_LOGS
2012-11-14 01:39:57 -------- d-----w- c:\program files\AV Vcs 6.0 DIAMOND
2012-11-13 17:07:27 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-11-13 17:07:21 -------- d-----w- c:\program files\DAEMON Tools Lite
2012-11-11 22:47:32 -------- d-----w- c:\users\kuroshiroitachi\appdata\roaming\RCKR
2012-11-10 20:14:59 -------- d-----w- c:\program files\AMD AVT
2012-11-10 20:14:55 -------- d-----w- c:\program files\AMD APP
2012-11-10 20:10:17 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-11-10 20:10:17 49472 ----a-w- c:\windows\system32\netfxperf.dll
2012-11-10 20:10:17 297808 ----a-w- c:\windows\system32\mscoree.dll
2012-11-10 20:10:17 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2012-11-10 20:10:17 1130824 ----a-w- c:\windows\system32\dfshim.dll
2012-11-10 20:08:37 -------- d-----w- C:\AMD
2012-11-10 19:43:10 -------- d-----w- c:\users\kuroshiroitachi\appdata\local\ElevatedDiagnostics
2012-11-10 19:40:42 -------- d-----w- c:\users\kuroshiroitachi\appdata\local\AMD
2012-11-10 19:40:30 -------- d-----w- c:\users\kuroshiroitachi\appdata\local\ATI
2012-11-10 19:39:52 0 ----a-w- c:\windows\ativpsrm.bin
2012-11-10 19:38:18 -------- d-----w- c:\program files\common files\ATI Technologies
2012-11-10 19:37:38 -------- d-----w- c:\programdata\AMD
2012-11-10 19:36:51 -------- d-----w- c:\program files\ATI Technologies
2012-11-10 19:36:48 -------- d-----w- c:\program files\ATI
2012-11-04 21:06:19 182272 ----a-w- c:\windows\patchw32.dll
2012-11-04 21:00:00 -------- d-----w- c:\program files\Lionhead Studios Ltd
2012-11-04 18:51:46 -------- d-----w- c:\programdata\PopCap Games
2012-11-04 15:12:11 -------- d-----w- c:\users\kuroshiroitachi\appdata\roaming\Unity
2012-11-04 14:58:21 -------- d-----w- c:\users\kuroshiroitachi\appdata\local\Unity
2012-10-28 00:06:07 -------- d-----w- c:\users\kuroshiroitachi\appdata\local\Adobe
2012-10-22 07:03:08 -------- d-----w- c:\program files\Firaxis Games
.
==================== Find3M ====================
.
2012-10-12 22:17:21 2829 ----a-w- c:\windows\War3Unin.pif
2012-10-12 22:17:21 139264 ----a-w- c:\windows\War3Unin.exe
2012-10-09 14:18:05 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-09 14:18:05 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-06 23:24:57 258352 ----a-w- c:\windows\system32\unicows.dll
2012-10-05 22:46:02 75118 ----a-w- c:\windows\system32\37da862e.exe
2012-10-05 17:30:06 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-05 17:30:05 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-05 17:30:05 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-28 20:36:56 180224 ----a-w- c:\windows\system32\clinfo.exe
2012-09-28 20:36:40 65536 ----a-w- c:\windows\system32\OpenVideo.dll
2012-09-28 20:36:34 56320 ----a-w- c:\windows\system32\OVDecode.dll
2012-09-28 20:32:16 27341824 ----a-w- c:\windows\system32\amdocl.dll
2012-09-28 02:22:56 5557928 ----a-w- c:\windows\system32\atiumdag.dll
2012-09-28 02:20:20 9107968 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-09-28 02:05:36 58880 ----a-w- c:\windows\system32\coinst_9.002.dll
2012-09-28 02:03:52 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-09-28 02:02:28 46080 ----a-w- c:\windows\system32\aticalrt.dll
2012-09-28 02:02:20 44032 ----a-w- c:\windows\system32\aticalcl.dll
2012-09-28 01:57:20 13703168 ----a-w- c:\windows\system32\aticaldd.dll
2012-09-28 01:43:28 935424 ----a-w- c:\windows\system32\aticfx32.dll
2012-09-28 01:41:14 19624960 ----a-w- c:\windows\system32\atioglxx.dll
2012-09-28 01:39:36 6536192 ----a-w- c:\windows\system32\atidxx32.dll
2012-09-28 01:39:14 442368 ----a-w- c:\windows\system32\atidemgy.dll
2012-09-28 01:38:42 473088 ----a-w- c:\windows\system32\atieclxx.exe
2012-09-28 01:38:02 217600 ----a-w- c:\windows\system32\atiesrxx.exe
2012-09-28 01:36:42 163840 ----a-w- c:\windows\system32\atitmmxx.dll
2012-09-28 01:36:34 20992 ----a-w- c:\windows\system32\atimuixx.dll
2012-09-28 01:36:26 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2012-09-28 01:22:30 2691584 ----a-w- c:\windows\system32\atiumdva.dll
2012-09-28 01:13:28 405504 ----a-w- c:\windows\system32\atiadlxx.dll
2012-09-28 01:13:12 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-09-28 01:13:00 33280 ----a-w- c:\windows\system32\atigktxx.dll
2012-09-28 01:12:48 56832 ----a-w- c:\windows\system32\atimpc32.dll
2012-09-28 01:12:48 56832 ----a-w- c:\windows\system32\amdpcom32.dll
2012-09-28 01:12:10 370176 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-09-28 01:11:16 109568 ----a-w- c:\windows\system32\atiuxpag.dll
2012-09-28 01:10:58 82944 ----a-w- c:\windows\system32\atiu9pag.dll
2012-09-28 01:09:48 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-09-15 17:15:28 499200 ----a-w- c:\windows\system32\WZDPlay.dll
.
============= FINISH: 21:37:51.92 ===============
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-19 21:49:33
-----------------------------
21:49:33.760 OS Version: Windows 6.1.7600
21:49:33.760 Number of processors: 2 586 0x4B02
21:49:33.776 ComputerName: BLACKFERRET UserName:
21:49:34.510 Initialize success
21:50:46.435 AVAST engine defs: 12111901
21:53:41.323 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005b
21:53:41.323 Disk 0 Vendor: ST325082 3.AH Size: 238475MB BusType: 3
21:53:41.354 Disk 0 MBR read successfully
21:53:41.354 Disk 0 MBR scan
21:53:41.377 Disk 0 Windows 7 default MBR code
21:53:41.385 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 229450 MB offset 63
21:53:41.424 Disk 0 Partition 2 00 0C FAT32 LBA RECOVERY 9014 MB offset 469929600
21:53:41.463 Disk 0 scanning sectors +488391120
21:53:41.549 Disk 0 scanning C:\Windows\system32\drivers
21:53:50.791 Service scanning
21:54:11.328 Service Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys **LOCKED** 32
21:54:14.101 Modules scanning
21:54:22.085 Disk 0 trace - called modules:
21:54:22.500 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll storport.sys >>UNKNOWN [0x8655fef9]<<
21:54:22.507 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85e8aa38]
21:54:22.523 3 CLASSPNP.SYS[8918a59e] -> nt!IofCallDriver -> [0x85b92d98]
21:54:22.539 5 ACPI.sys[833be3b2] -> nt!IofCallDriver -> \Device\0000005b[0x85b816e8]
21:54:23.281 AVAST engine scan C:\Windows
21:54:25.468 AVAST engine scan C:\Windows\system32
21:57:29.873 AVAST engine scan C:\Windows\system32\drivers
21:57:42.290 AVAST engine scan C:\Users\KuroShiroitachi
21:59:50.272 AVAST engine scan C:\ProgramData
22:00:13.141 Scan finished successfully
22:00:52.419 Disk 0 MBR has been saved successfully to "C:\Users\KuroShiroitachi\Desktop\MBR.dat"
22:00:52.427 The log file has been saved successfully to "C:\Users\KuroShiroitachi\Desktop\aswMBR.txt"
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 10.7.2
Run by KuroShiroitachi at 21:37:26 on 2012-11-19
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2047.566 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Winsent Messenger] "c:\program files\winsent messenger\winsent.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
DPF: {7B19E477-0FF8-11d4-9914-005004D3B3DB} - hxxp://java.sun.com/products/plugin/1.2/jinstall-122_017-win.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/1.2/jinstall-122_017-win.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{377FBCFA-C32A-43B3-A732-97243EA3367C} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{3A01AF04-B6F3-4EC0-AC96-31239CC41400} : DHCPNameServer = 192.168.2.1
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\kuroshiroitachi\appdata\roaming\mozilla\firefox\profiles\mczhr1om.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\users\kuroshiroitachi\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\kuroshiroitachi\appdata\roaming\raidcall\plugins\nprcplugin.dll
FF - plugin: c:\users\kuroshiroitachi\appdata\roaming\rckr\plugins\nprcplugin.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1167637.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-11-13 242240]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-9-27 217600]
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ati technologies\ati.ace\fuel\Fuel.Service.exe [2012-9-28 291840]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-5-14 86656]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2010-7-1 34896]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\drivers\vcsvad.sys [2012-11-13 17792]
R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh6.sys [2012-10-5 1093888]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
.
=============== Created Last 30 ================
.
2012-11-20 02:12:55 6980552 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2012-11-20 02:12:51 6918632 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{499158c3-ad91-453e-ba02-b0d0631bcf91}\mpengine.dll
2012-11-20 01:49:56 -------- d-----w- c:\users\kuroshiroitachi\appdata\local\Avg2013
2012-11-20 00:55:49 -------- d-----w- c:\users\kuroshiroitachi\appdata\roaming\TuneUp Software
2012-11-20 00:45:53 -------- d--h--w- c:\programdata\Common Files
2012-11-20 00:45:53 -------- d-----w- c:\users\kuroshiroitachi\appdata\local\MFAData
2012-11-20 00:45:53 -------- d-----w- c:\programdata\MFAData
2012-11-16 03:00:58 -------- d-----w- c:\users\kuroshiroitachi\appdata\roaming\foobar2000
2012-11-16 03:00:34 -------- d-----w- c:\program files\foobar2000
2012-11-15 00:56:52 -------- d-----w- c:\program files\common files\Macrovision Shared
2012-11-14 03:07:06 -------- d-----w- c:\users\kuroshiroitachi\appdata\roaming\Screaming Bee
2012-11-14 03:04:50 -------- d-----w- c:\programdata\Screaming Bee
2012-11-14 03:04:49 -------- d-----w- c:\program files\Screaming Bee
2012-11-14 02:19:51 -------- d-----w- c:\users\kuroshiroitachi\appdata\roaming\Avnex
2012-11-14 02:19:37 17792 ----a-w- c:\windows\system32\drivers\vcsvad.sys
2012-11-14 02:19:32 -------- d-----w- c:\program files\AV Vcs 7.0 DIAMOND
2012-11-14 01:41:36 -------- d-----w- C:\vcs5BGEffects
2012-11-14 01:41:33 -------- d-----w- C:\vcs5core
2012-11-14 01:41:33 -------- d-----w- C:\AV_LOGS
2012-11-14 01:39:57 -------- d-----w- c:\program files\AV Vcs 6.0 DIAMOND
2012-11-13 17:07:27 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-11-13 17:07:21 -------- d-----w- c:\program files\DAEMON Tools Lite
2012-11-11 22:47:32 -------- d-----w- c:\users\kuroshiroitachi\appdata\roaming\RCKR
2012-11-10 20:14:59 -------- d-----w- c:\program files\AMD AVT
2012-11-10 20:14:55 -------- d-----w- c:\program files\AMD APP
2012-11-10 20:10:17 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-11-10 20:10:17 49472 ----a-w- c:\windows\system32\netfxperf.dll
2012-11-10 20:10:17 297808 ----a-w- c:\windows\system32\mscoree.dll
2012-11-10 20:10:17 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2012-11-10 20:10:17 1130824 ----a-w- c:\windows\system32\dfshim.dll
2012-11-10 20:08:37 -------- d-----w- C:\AMD
2012-11-10 19:43:10 -------- d-----w- c:\users\kuroshiroitachi\appdata\local\ElevatedDiagnostics
2012-11-10 19:40:42 -------- d-----w- c:\users\kuroshiroitachi\appdata\local\AMD
2012-11-10 19:40:30 -------- d-----w- c:\users\kuroshiroitachi\appdata\local\ATI
2012-11-10 19:39:52 0 ----a-w- c:\windows\ativpsrm.bin
2012-11-10 19:38:18 -------- d-----w- c:\program files\common files\ATI Technologies
2012-11-10 19:37:38 -------- d-----w- c:\programdata\AMD
2012-11-10 19:36:51 -------- d-----w- c:\program files\ATI Technologies
2012-11-10 19:36:48 -------- d-----w- c:\program files\ATI
2012-11-04 21:06:19 182272 ----a-w- c:\windows\patchw32.dll
2012-11-04 21:00:00 -------- d-----w- c:\program files\Lionhead Studios Ltd
2012-11-04 18:51:46 -------- d-----w- c:\programdata\PopCap Games
2012-11-04 15:12:11 -------- d-----w- c:\users\kuroshiroitachi\appdata\roaming\Unity
2012-11-04 14:58:21 -------- d-----w- c:\users\kuroshiroitachi\appdata\local\Unity
2012-10-28 00:06:07 -------- d-----w- c:\users\kuroshiroitachi\appdata\local\Adobe
2012-10-22 07:03:08 -------- d-----w- c:\program files\Firaxis Games
.
==================== Find3M ====================
.
2012-10-12 22:17:21 2829 ----a-w- c:\windows\War3Unin.pif
2012-10-12 22:17:21 139264 ----a-w- c:\windows\War3Unin.exe
2012-10-09 14:18:05 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-09 14:18:05 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-06 23:24:57 258352 ----a-w- c:\windows\system32\unicows.dll
2012-10-05 22:46:02 75118 ----a-w- c:\windows\system32\37da862e.exe
2012-10-05 17:30:06 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-05 17:30:05 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-05 17:30:05 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-28 20:36:56 180224 ----a-w- c:\windows\system32\clinfo.exe
2012-09-28 20:36:40 65536 ----a-w- c:\windows\system32\OpenVideo.dll
2012-09-28 20:36:34 56320 ----a-w- c:\windows\system32\OVDecode.dll
2012-09-28 20:32:16 27341824 ----a-w- c:\windows\system32\amdocl.dll
2012-09-28 02:22:56 5557928 ----a-w- c:\windows\system32\atiumdag.dll
2012-09-28 02:20:20 9107968 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-09-28 02:05:36 58880 ----a-w- c:\windows\system32\coinst_9.002.dll
2012-09-28 02:03:52 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-09-28 02:02:28 46080 ----a-w- c:\windows\system32\aticalrt.dll
2012-09-28 02:02:20 44032 ----a-w- c:\windows\system32\aticalcl.dll
2012-09-28 01:57:20 13703168 ----a-w- c:\windows\system32\aticaldd.dll
2012-09-28 01:43:28 935424 ----a-w- c:\windows\system32\aticfx32.dll
2012-09-28 01:41:14 19624960 ----a-w- c:\windows\system32\atioglxx.dll
2012-09-28 01:39:36 6536192 ----a-w- c:\windows\system32\atidxx32.dll
2012-09-28 01:39:14 442368 ----a-w- c:\windows\system32\atidemgy.dll
2012-09-28 01:38:42 473088 ----a-w- c:\windows\system32\atieclxx.exe
2012-09-28 01:38:02 217600 ----a-w- c:\windows\system32\atiesrxx.exe
2012-09-28 01:36:42 163840 ----a-w- c:\windows\system32\atitmmxx.dll
2012-09-28 01:36:34 20992 ----a-w- c:\windows\system32\atimuixx.dll
2012-09-28 01:36:26 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2012-09-28 01:22:30 2691584 ----a-w- c:\windows\system32\atiumdva.dll
2012-09-28 01:13:28 405504 ----a-w- c:\windows\system32\atiadlxx.dll
2012-09-28 01:13:12 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-09-28 01:13:00 33280 ----a-w- c:\windows\system32\atigktxx.dll
2012-09-28 01:12:48 56832 ----a-w- c:\windows\system32\atimpc32.dll
2012-09-28 01:12:48 56832 ----a-w- c:\windows\system32\amdpcom32.dll
2012-09-28 01:12:10 370176 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-09-28 01:11:16 109568 ----a-w- c:\windows\system32\atiuxpag.dll
2012-09-28 01:10:58 82944 ----a-w- c:\windows\system32\atiu9pag.dll
2012-09-28 01:09:48 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-09-15 17:15:28 499200 ----a-w- c:\windows\system32\WZDPlay.dll
.
============= FINISH: 21:37:51.92 ===============
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-19 21:49:33
-----------------------------
21:49:33.760 OS Version: Windows 6.1.7600
21:49:33.760 Number of processors: 2 586 0x4B02
21:49:33.776 ComputerName: BLACKFERRET UserName:
21:49:34.510 Initialize success
21:50:46.435 AVAST engine defs: 12111901
21:53:41.323 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005b
21:53:41.323 Disk 0 Vendor: ST325082 3.AH Size: 238475MB BusType: 3
21:53:41.354 Disk 0 MBR read successfully
21:53:41.354 Disk 0 MBR scan
21:53:41.377 Disk 0 Windows 7 default MBR code
21:53:41.385 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 229450 MB offset 63
21:53:41.424 Disk 0 Partition 2 00 0C FAT32 LBA RECOVERY 9014 MB offset 469929600
21:53:41.463 Disk 0 scanning sectors +488391120
21:53:41.549 Disk 0 scanning C:\Windows\system32\drivers
21:53:50.791 Service scanning
21:54:11.328 Service Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys **LOCKED** 32
21:54:14.101 Modules scanning
21:54:22.085 Disk 0 trace - called modules:
21:54:22.500 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll storport.sys >>UNKNOWN [0x8655fef9]<<
21:54:22.507 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85e8aa38]
21:54:22.523 3 CLASSPNP.SYS[8918a59e] -> nt!IofCallDriver -> [0x85b92d98]
21:54:22.539 5 ACPI.sys[833be3b2] -> nt!IofCallDriver -> \Device\0000005b[0x85b816e8]
21:54:23.281 AVAST engine scan C:\Windows
21:54:25.468 AVAST engine scan C:\Windows\system32
21:57:29.873 AVAST engine scan C:\Windows\system32\drivers
21:57:42.290 AVAST engine scan C:\Users\KuroShiroitachi
21:59:50.272 AVAST engine scan C:\ProgramData
22:00:13.141 Scan finished successfully
22:00:52.419 Disk 0 MBR has been saved successfully to "C:\Users\KuroShiroitachi\Desktop\MBR.dat"
22:00:52.427 The log file has been saved successfully to "C:\Users\KuroShiroitachi\Desktop\aswMBR.txt"