
Windows 7 recovery virus


  • This topic is locked

#1 bloggs24 (Member, 32 posts)
Hi, my computer is infected with a Windows 7 recovery virus. It tries to tell me my computer is failing and I need to purchase a program to fix it. It has hidden all my files and redirects me away from most websites. I've run OTL off a thumb drive, and am posting this from another computer.


OTL logfile created on: 7/9/2011 4:54:35 PM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = F:\
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

4.00 Gb Total Physical Memory | 2.30 Gb Available Physical Memory | 57.44% Memory free
8.00 Gb Paging File | 6.40 Gb Available in Paging File | 80.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.52 Gb Total Space | 3.94 Gb Free Space | 5.29% Space Free | Partition Type: NTFS
Drive D: | 208.92 Gb Total Space | 208.69 Gb Free Space | 99.89% Space Free | Partition Type: NTFS
Drive E: | 4.04 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 239.73 Mb Total Space | 4.51 Mb Free Space | 1.88% Space Free | Partition Type: FAT

Computer Name: EMMALINE-PC | User Name: Emmaline | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/09 16:41:54 | 000,579,584 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2011/07/08 14:16:21 | 000,382,976 | -H-- | M] (CACE Technologies, Inc.) -- C:\ProgramData\38133496.exe
PRC - [2011/07/08 14:06:15 | 000,475,136 | -H-- | M] (CACE Technologies, Inc.) -- C:\ProgramData\eHmcHPSHLtmC.exe
PRC - [2011/04/03 18:31:07 | 000,400,760 | -H-- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\BitTorrent\BitTorrent.exe
PRC - [2011/01/20 19:20:12 | 001,305,408 | -H-- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2010/06/30 21:32:40 | 000,344,064 | -H-- | M] (SlipStream Data Inc.) -- C:\Program Files (x86)\Dodo Speed Accelerator\slipcore.exe
PRC - [2009/11/25 07:45:36 | 000,053,888 | -H-- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
PRC - [2009/11/13 04:10:06 | 001,597,440 | -H-- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2009/11/10 13:20:36 | 000,096,896 | -H-- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009/10/27 14:29:32 | 006,998,656 | -H-- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2009/10/27 04:10:42 | 000,174,720 | -H-- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2009/10/10 22:59:00 | 000,239,720 | -H-- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvSCPAPISvr.exe
PRC - [2009/08/20 14:31:48 | 000,170,624 | -H-- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2009/07/14 11:14:12 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\attrib.exe
PRC - [2009/06/20 04:29:42 | 000,105,016 | -H-- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009/06/20 04:29:26 | 002,488,888 | -H-- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2009/06/16 11:30:42 | 000,084,536 | -H-- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
PRC - [2009/05/19 09:58:38 | 000,305,720 | -H-- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2008/12/23 11:15:34 | 000,174,648 | -H-- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
PRC - [2008/08/14 15:00:08 | 000,113,208 | -H-- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
PRC - [2007/12/01 05:20:44 | 000,051,768 | -H-- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe


========== Modules (SafeList) ==========

MOD - [2011/07/09 16:41:54 | 000,579,584 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
MOD - [2010/08/21 15:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/11/09 02:52:56 | 000,836,504 | -H-- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV:64bit: - [2010/09/23 11:10:10 | 000,057,184 | -H-- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/09/18 05:36:34 | 000,359,552 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2009/07/30 00:06:07 | 000,570,632 | -H-- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV:64bit: - [2009/07/30 00:06:05 | 000,917,768 | -H-- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy)
SRV:64bit: - [2009/07/30 00:05:42 | 000,595,960 | -H-- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw)
SRV:64bit: - [2009/07/14 11:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/03/19 06:16:28 | 000,130,384 | -H-- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/10 13:20:36 | 000,096,896 | -H-- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009/10/10 22:59:00 | 000,239,720 | -H-- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Windows\SysWOW64\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009/09/15 11:03:42 | 000,044,312 | -H-- | M] () [Auto | Running] -- C:\Program Files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe -- (OberonGameConsoleService)
SRV - [2009/06/16 11:30:42 | 000,084,536 | -H-- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009/06/11 07:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/03/31 20:55:48 | 000,225,280 | -H-- | M] (ASUSTek Computer Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
SRV - [2007/06/01 10:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/06/01 10:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/06/01 17:57:53 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 16:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 16:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/09/23 17:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/07/31 03:30:26 | 000,309,840 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmxpflt.sys -- (tmxpflt)
DRV:64bit: - [2010/07/31 03:30:20 | 000,042,576 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmpreflt.sys -- (tmpreflt)
DRV:64bit: - [2010/07/31 03:24:14 | 001,988,176 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vsapint.sys -- (vsapint)
DRV:64bit: - [2009/10/15 19:23:19 | 000,117,760 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2009/10/06 02:33:59 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/09/11 09:31:56 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009/09/05 09:13:24 | 000,216,576 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2009/08/22 07:48:17 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009/08/21 14:24:03 | 000,084,512 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/08/19 04:44:19 | 000,236,544 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/30 00:06:59 | 000,339,984 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmwfp.sys -- (tmwfp)
DRV:64bit: - [2009/07/30 00:06:59 | 000,107,536 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2009/07/30 00:06:58 | 000,200,720 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmlwf.sys -- (tmlwf)
DRV:64bit: - [2009/07/21 03:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/14 11:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 11:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 11:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 11:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 10:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/11 06:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/11 06:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/11 06:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 06:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 06:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 06:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/06 04:15:55 | 001,806,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2009/05/19 08:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/14 03:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2009/02/20 03:10:14 | 000,150,656 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zgwhsnmea.sys -- (zgwhsnmea)
DRV:64bit: - [2009/02/20 03:10:10 | 000,150,656 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zgwhsmdm.sys -- (zgwhsmdm)
DRV:64bit: - [2009/02/20 03:10:06 | 000,150,656 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zgwhsdiag.sys -- (zgwhsdiag)
DRV:64bit: - [2008/05/24 11:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2010/04/24 05:30:34 | 000,005,632 | -H-- | M] () [File_System | System | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/07/03 11:36:14 | 000,015,416 | -H-- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {5b99c55c-ae59-4d93-bc3b-ed0c8df4da08} - C:\Program Files (x86)\freetrialdownloads-EN\tbfree.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {867dd841-5bf7-44ca-8426-c5a6eda00735} - C:\Program Files (x86)\Max_EN\tbMax_.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 20 61 C7 C3 65 B7 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {5b99c55c-ae59-4d93-bc3b-ed0c8df4da08} - C:\Program Files (x86)\freetrialdownloads-EN\tbfree.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {867dd841-5bf7-44ca-8426-c5a6eda00735} - C:\Program Files (x86)\Max_EN\tbMax_.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\FirefoxExtension [2010/02/19 14:16:25 | 000,000,000 | -H-D | M]

[2010/03/17 10:02:28 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Emmaline\AppData\Roaming\Mozilla\Extensions
[2010/03/17 10:02:28 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Emmaline\AppData\Roaming\Mozilla\Extensions\[email protected]

O1 HOSTS File: ([2009/06/11 07:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (ALOT Toolbar Helper) - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:\Program Files (x86)\alot\bin\BHO\alotBHO.dll (Vertro)
O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (Trend Micro Inc.)
O2 - BHO: (freetrialdownloads-EN Toolbar) - {5b99c55c-ae59-4d93-bc3b-ed0c8df4da08} - C:\Program Files (x86)\freetrialdownloads-EN\tbfree.dll (Conduit Ltd.)
O2 - BHO: (Max EN Toolbar) - {867dd841-5bf7-44ca-8426-c5a6eda00735} - C:\Program Files (x86)\Max_EN\tbMax_.dll (Conduit Ltd.)
O2 - BHO: (NOW!Imaging) - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files (x86)\Dodo Speed Accelerator\components\NOWImaging.dll (SlipStream Data Inc.)
O2 - BHO: (Prefetch) - {A66AA08A-9BF0-4e87-99E6-6972731D6B99} - C:\Program Files (x86)\Dodo Speed Accelerator\Prefetch.dll (SlipStream Data Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (ALOT Toolbar) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files (x86)\alot\bin\alot.dll (Vertro)
O3 - HKLM\..\Toolbar: (freetrialdownloads-EN Toolbar) - {5b99c55c-ae59-4d93-bc3b-ed0c8df4da08} - C:\Program Files (x86)\freetrialdownloads-EN\tbfree.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Max EN Toolbar) - {867dd841-5bf7-44ca-8426-c5a6eda00735} - C:\Program Files (x86)\Max_EN\tbMax_.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Trend Micro Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (Trend Micro Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (freetrialdownloads-EN Toolbar) - {5B99C55C-AE59-4D93-BC3B-ED0C8DF4DA08} - C:\Program Files (x86)\freetrialdownloads-EN\tbfree.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Max EN Toolbar) - {867DD841-5BF7-44CA-8426-C5A6EDA00735} - C:\Program Files (x86)\Max_EN\tbMax_.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [EeeStorageBackup] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe ()
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Setwallpaper] File not found
O4 - HKLM..\Run: [SlipStream] C:\Program Files (x86)\Dodo Speed Accelerator\slipcore.exe (SlipStream Data Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [BitTorrent] C:\Program Files (x86)\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [eHmcHPSHLtmC] C:\ProgramData\eHmcHPSHLtmC.exe (CACE Technologies, Inc.)
O4 - HKCU..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
O4 - Startup: C:\Users\Emmaline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Dodo Speed Accelerator\sliplsp.dll (SlipStream Data Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\Dodo Speed Accelerator\sliplsp.dll (SlipStream Data Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Dodo Speed Accelerator\sliplsp.dll (SlipStream Data Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\Dodo Speed Accelerator\sliplsp.dll (SlipStream Data Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (Trend Micro Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1b2e6a27-5c3a-11e0-ad7c-001e101f63cf}\Shell - "" = AutoRun
O33 - MountPoints2\{1b2e6a27-5c3a-11e0-ad7c-001e101f63cf}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{61618c62-1d0c-11df-87cc-e0cb4e68cf9e}\Shell - "" = AutoRun
O33 - MountPoints2\{61618c62-1d0c-11df-87cc-e0cb4e68cf9e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{61618c67-1d0c-11df-87cc-e0cb4e68cf9e}\Shell - "" = AutoRun
O33 - MountPoints2\{61618c67-1d0c-11df-87cc-e0cb4e68cf9e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{616190ad-1d0c-11df-87cc-001e101f1ed9}\Shell - "" = AutoRun
O33 - MountPoints2\{616190ad-1d0c-11df-87cc-001e101f1ed9}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{616190af-1d0c-11df-87cc-001e101f1ed9}\Shell - "" = AutoRun
O33 - MountPoints2\{616190af-1d0c-11df-87cc-001e101f1ed9}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9a13ccc4-7cf3-11e0-94c9-e0cb4e68cf9e}\Shell - "" = AutoRun
O33 - MountPoints2\{9a13ccc4-7cf3-11e0-94c9-e0cb4e68cf9e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a5de1273-60dd-11e0-9440-e0cb4e68cf9e}\Shell - "" = AutoRun
O33 - MountPoints2\{a5de1273-60dd-11e0-9440-e0cb4e68cf9e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/08 14:16:48 | 000,000,000 | -H-D | C] -- C:\Users\Emmaline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Fix
[2011/07/08 14:16:21 | 000,382,976 | -H-- | C] (CACE Technologies, Inc.) -- C:\ProgramData\38133496.exe
[2011/07/08 14:07:08 | 000,475,136 | -H-- | C] (CACE Technologies, Inc.) -- C:\ProgramData\eHmcHPSHLtmC.exe
[2011/06/30 14:20:37 | 000,000,000 | -H-D | C] -- C:\Users\Emmaline\AppData\Local\{1EC2DE02-C53E-45CB-84AB-67886C192C60}
[2011/06/26 23:30:56 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Shrink
[2011/06/26 23:30:56 | 000,000,000 | -H-D | C] -- C:\ProgramData\DVD Shrink
[2011/06/26 23:30:55 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\DVD Shrink
[2011/06/24 14:48:47 | 000,000,000 | -H-D | C] -- C:\Users\Emmaline\AppData\Local\YoYo_Games_Ltd
[2011/06/15 15:13:31 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/06/15 15:12:55 | 000,000,000 | -H-D | C] -- C:\Program Files\iTunes
[2011/06/15 15:12:55 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\iTunes
[2011/06/15 15:12:55 | 000,000,000 | -H-D | C] -- C:\Program Files\iPod
[2011/05/17 10:42:41 | 000,413,696 | -H-- | C] ( ) -- C:\Windows\SysWow64\lxbkinpa.dll
[2011/05/17 10:42:40 | 001,224,704 | -H-- | C] ( ) -- C:\Windows\SysWow64\lxbkserv.dll
[2011/05/17 10:42:40 | 000,991,232 | -H-- | C] ( ) -- C:\Windows\SysWow64\lxbkusb1.dll
[2011/05/17 10:42:40 | 000,696,320 | -H-- | C] ( ) -- C:\Windows\SysWow64\lxbkhbn3.dll
[2011/05/17 10:42:40 | 000,684,032 | -H-- | C] ( ) -- C:\Windows\SysWow64\lxbkcomc.dll
[2011/05/17 10:42:40 | 000,643,072 | -H-- | C] ( ) -- C:\Windows\SysWow64\lxbkpmui.dll
[2011/05/17 10:42:40 | 000,585,728 | -H-- | C] ( ) -- C:\Windows\SysWow64\lxbklmpm.dll
[2011/05/17 10:42:40 | 000,537,256 | -H-- | C] ( ) -- C:\Windows\SysWow64\lxbkcoms.exe
[2011/05/17 10:42:40 | 000,421,888 | -H-- | C] ( ) -- C:\Windows\SysWow64\lxbkcomm.dll
[2011/05/17 10:42:40 | 000,397,312 | -H-- | C] ( ) -- C:\Windows\SysWow64\lxbkiesc.dll
[2011/05/17 10:42:40 | 000,385,704 | -H-- | C] ( ) -- C:\Windows\SysWow64\lxbkih.exe
[2011/05/17 10:42:40 | 000,381,608 | -H-- | C] ( ) -- C:\Windows\SysWow64\lxbkcfg.exe
[2011/05/17 10:42:40 | 000,180,904 | -H-- | C] ( ) -- C:\Windows\SysWow64\lxbkppls.exe
[2011/05/17 10:42:40 | 000,163,840 | -H-- | C] ( ) -- C:\Windows\SysWow64\lxbkprox.dll
[2011/05/17 10:42:40 | 000,094,208 | -H-- | C] ( ) -- C:\Windows\SysWow64\lxbkpplc.dll

========== Files - Modified Within 30 Days ==========

[2011/07/09 16:45:41 | 000,736,514 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/07/09 16:45:41 | 000,635,506 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/07/09 16:45:41 | 000,113,400 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/07/09 16:15:53 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/09 16:15:53 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/09 16:08:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/09 16:08:19 | 3220,647,936 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/08 14:23:20 | 000,002,038 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2011/07/08 14:16:52 | 000,000,232 | -H-- | M] () -- C:\ProgramData\~38133496
[2011/07/08 14:16:52 | 000,000,176 | -H-- | M] () -- C:\ProgramData\~38133496r
[2011/07/08 14:16:48 | 000,000,627 | -H-- | M] () -- C:\Users\Emmaline\Desktop\Windows 7 Fix.lnk
[2011/07/08 14:16:26 | 000,000,344 | -H-- | M] () -- C:\ProgramData\38133496
[2011/07/08 14:16:21 | 000,382,976 | -H-- | M] (CACE Technologies, Inc.) -- C:\ProgramData\38133496.exe
[2011/07/08 14:06:15 | 000,475,136 | -H-- | M] (CACE Technologies, Inc.) -- C:\ProgramData\eHmcHPSHLtmC.exe
[2011/07/04 14:52:10 | 000,482,472 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/06/23 20:24:17 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2011/06/17 17:54:55 | 000,005,632 | -H-- | M] () -- C:\Users\Emmaline\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2011/07/08 14:16:52 | 000,000,176 | -H-- | C] () -- C:\ProgramData\~38133496r
[2011/07/08 14:16:51 | 000,000,232 | -H-- | C] () -- C:\ProgramData\~38133496
[2011/07/08 14:16:48 | 000,000,627 | -H-- | C] () -- C:\Users\Emmaline\Desktop\Windows 7 Fix.lnk
[2011/07/08 14:16:26 | 000,000,344 | -H-- | C] () -- C:\ProgramData\38133496
[2011/05/17 10:42:41 | 000,274,432 | -H-- | C] () -- C:\Windows\SysWow64\LXBKinst.dll
[2011/05/17 10:42:40 | 000,413,696 | -H-- | C] () -- C:\Windows\SysWow64\lxbkutil.dll
[2011/03/03 05:23:29 | 000,005,632 | -H-- | C] () -- C:\Users\Emmaline\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/24 05:43:16 | 000,722,802 | -H-- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/04/24 05:26:25 | 000,000,000 | -H-- | C] () -- C:\ProgramData\LauncherAccess.dt
[2010/04/24 05:19:39 | 000,005,632 | -H-- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2010/01/15 21:00:47 | 000,131,368 | -H-- | C] () -- C:\ProgramData\FullRemove.exe
[2010/01/15 20:49:55 | 000,053,248 | -H-- | C] () -- C:\Windows\SysWow64\LogonStart.dll
[2009/10/26 13:38:20 | 000,000,176 | ---- | C] () -- C:\Windows\explorer.exe.config
[2009/10/10 22:59:00 | 000,095,848 | -H-- | C] () -- C:\Windows\SysWow64\nvimage.dll
[2009/08/19 18:33:09 | 000,018,432 | ---- | C] () -- C:\Windows\OOBEPlayer.exe
[2009/08/19 18:33:09 | 000,000,035 | ---- | C] () -- C:\Windows\OOBEPlayer.ini
[2009/07/29 15:20:40 | 000,000,010 | -H-- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2009/07/14 15:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 12:35:51 | 000,000,741 | -H-- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 12:34:42 | 000,215,943 | -H-- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 10:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 09:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 07:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/11 07:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2010/02/20 10:31:45 | 000,000,000 | -HSD | M] -- C:\Users\Emmaline\AppData\Roaming\.#
[2010/02/19 15:00:22 | 000,000,000 | -H-D | M] -- C:\Users\Emmaline\AppData\Roaming\Asus WebStorage
[2011/07/09 16:57:34 | 000,000,000 | -H-D | M] -- C:\Users\Emmaline\AppData\Roaming\BitTorrent
[2011/06/01 18:02:15 | 000,000,000 | -H-D | M] -- C:\Users\Emmaline\AppData\Roaming\DAEMON Tools Lite
[2011/07/04 20:50:59 | 000,000,000 | -H-D | M] -- C:\Users\Emmaline\AppData\Roaming\FrostWire
[2010/02/20 02:37:54 | 000,000,000 | -H-D | M] -- C:\Users\Emmaline\AppData\Roaming\GameConsole
[2011/05/20 21:08:16 | 000,000,000 | -H-D | M] -- C:\Users\Emmaline\AppData\Roaming\GameMaker
[2011/06/01 22:41:30 | 000,000,000 | -H-D | M] -- C:\Users\Emmaline\AppData\Roaming\ImgBurn
[2010/12/18 04:39:35 | 000,000,000 | -H-D | M] -- C:\Users\Emmaline\AppData\Roaming\Samsung
[2010/11/05 10:40:19 | 000,000,000 | -H-D | M] -- C:\Users\Emmaline\AppData\Roaming\Uniblue
[2011/02/04 02:42:30 | 000,032,628 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:15024E60
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:734E442A
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:A724744F
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:B88E99C8

< End of report >

#2 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Hi there, let's get you back your files and folders.

Download Unhide.exe to your desktop and run

THEN

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right-click -> Run as administrator; for XP simply run RogueKiller.exe
  • When prompted, type 6 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.

NEXT

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
    [2011/07/08 14:16:48 | 000,000,000 | -H-D | C] -- C:\Users\Emmaline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Fix
    [2011/07/08 14:16:21 | 000,382,976 | -H-- | C] (CACE Technologies, Inc.) -- C:\ProgramData\38133496.exe
    [2011/07/08 14:07:08 | 000,475,136 | -H-- | C] (CACE Technologies, Inc.) -- C:\ProgramData\eHmcHPSHLtmC.exe
    [2011/07/08 14:16:52 | 000,000,232 | -H-- | M] () -- C:\ProgramData\~38133496
    [2011/07/08 14:16:52 | 000,000,176 | -H-- | M] () -- C:\ProgramData\~38133496r
    [2011/07/08 14:16:48 | 000,000,627 | -H-- | M] () -- C:\Users\Emmaline\Desktop\Windows 7 Fix.lnk
    [2011/07/08 14:16:26 | 000,000,344 | -H-- | M] () -- C:\ProgramData\38133496
    [2011/07/08 14:16:21 | 000,382,976 | -H-- | M] (CACE Technologies, Inc.) -- C:\ProgramData\38133496.exe
    [2011/07/08 14:06:15 | 000,475,136 | -H-- | M] (CACE Technologies, Inc.) -- C:\ProgramData\eHmcHPSHLtmC.exe
    [2011/07/08 14:16:52 | 000,000,176 | -H-- | C] () -- C:\ProgramData\~38133496r
    [2011/07/08 14:16:51 | 000,000,232 | -H-- | C] () -- C:\ProgramData\~38133496
    [2011/07/08 14:16:48 | 000,000,627 | -H-- | C] () -- C:\Users\Emmaline\Desktop\Windows 7 Fix.lnk
    [2011/07/08 14:16:26 | 000,000,344 | -H-- | C] () -- C:\ProgramData\38133496
    [2010/02/20 10:31:45 | 000,000,000 | -HSD | M] -- C:\Users\Emmaline\AppData\Roaming\.#

    :Files
    ipconfig /flushdns /c
    attrib -H c:\*.* /s /d /c

    :Commands
    [purity]
    [resethosts]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

FINALLY

Download aswMBR.exe ( 1.8mb ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start the scan

On completion of the scan click Save log, save it to your desktop and post it in your next reply
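The log in post #1 and the fix in post #2 together show the whole fake-AV pattern: hidden, randomly named executables dropped straight into C:\ProgramData and carrying a borrowed vendor string, a hidden "Windows 7 Fix.lnk" launcher on the Desktop, DisableTaskMgr set under both HKLM and HKCU, and a handful of alternate data streams on C:\ProgramData\Temp. The Python below is an added example written for this page, not code from OTL, RogueKiller or the moderator: it parses OTL file entries, O6/O7 policy lines and ADS lines and applies those indicators as rules. The drop-location list, the "random name" heuristic, the seven-day window and the policy-name list are the editor's assumptions; the sample lines are copied from the log above.

```python
r"""Triage OTL log lines for fake-AV artefacts (added example; the
heuristics are the editor's, not OTL's or the moderator's)."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# File entry: [date time | size | attrs | C/M] (company) -- path ; directories have no "(company)".
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[-A-Z]{4}) \| (?P<op>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$")
POLICY_RE = re.compile(r"^O[67] - (?P<key>HK(?:LM|CU)\\\S+): (?P<name>\w+) = (?P<value>\S+)$")
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")
# Policy values a rogue flips so the user cannot kill it (assumed list).
LOCKOUT_POLICIES = {"DisableTaskMgr", "DisableRegistryTools", "DisableCMD"}


@dataclass(frozen=True)
class Finding:
    path: str
    reason: str


def looks_random(path: str) -> bool:
    """Digit blob (38133496, ~38133496r) or mixed-case jumble (eHmcHPSHLtmC).
    Ordinary CamelCase such as PerfStringBackup stays under the 40% uppercase ratio."""
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if re.fullmatch(r"~?\d{6,}[A-Za-z]?", stem):
        return True
    letters = [c for c in stem if c.isalpha()]
    mixed = any(c.islower() for c in letters) and any(c.isupper() for c in letters)
    return len(letters) >= 8 and mixed and sum(c.isupper() for c in letters) / len(letters) >= 0.4


def in_drop_location(path: str) -> bool:
    """Where this rogue wrote (assumed list): ProgramData root, any Desktop, any AppData Local Temp."""
    p = path.lower()
    return ((p.startswith("c:\\programdata\\") and p.count("\\") == 2)
            or "\\desktop\\" in p or "\\appdata\\local\\temp\\" in p)


def triage(lines, scan_time: datetime, window_days: int = 7) -> list:
    """One Finding per suspicious path; reasons merge across the Modified and Created sections."""
    reasons: dict = {}

    def note(path, why):
        if why not in reasons.setdefault(path, []):
            reasons[path].append(why)

    cutoff = scan_time - timedelta(days=window_days)
    for line in lines:
        line = line.strip()
        if m := FILE_RE.match(line):
            attr, path, company = m["attr"], m["path"], (m["company"] or "").strip()
            if attr[3] == "D" or not in_drop_location(path):
                continue  # directories are noisy; files elsewhere need other rules
            hidden = "H" in attr
            recent = datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S") >= cutoff
            if hidden and recent:  # the rogue hid *everything*, so hidden alone is noise
                note(path, "hidden file written to a drop location within the window")
            if looks_random(path):
                note(path, "machine-generated name" + (f", vendor string '{company}'" if company else ""))
            if hidden and path.lower().endswith(".lnk"):
                note(path, "hidden shortcut (the rogue's launcher)")
        elif (m := POLICY_RE.match(line)) and m["name"] in LOCKOUT_POLICIES and m["value"] == "1":
            note(m["key"] + "\\" + m["name"], "user lockout policy enabled")
        elif m := ADS_RE.match(line):
            note(m["path"], f"alternate data stream, {m['size']} bytes")
    return [Finding(p, "; ".join(r)) for p, r in reasons.items()]


# Sample input: lines copied from the OTL log in post #1 and the O6/O7 lines in the fix in post #2.
# The 2010 ProgramData entry shows that "hidden" alone is not enough to flag.
SAMPLE_LINES = [
    r"[2011/07/09 16:45:41 | 000,736,514 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI",
    r"[2011/07/08 14:16:52 | 000,000,232 | -H-- | M] () -- C:\ProgramData\~38133496",
    r"[2011/07/08 14:16:52 | 000,000,176 | -H-- | M] () -- C:\ProgramData\~38133496r",
    r"[2011/07/08 14:16:48 | 000,000,627 | -H-- | M] () -- C:\Users\Emmaline\Desktop\Windows 7 Fix.lnk",
    r"[2011/07/08 14:16:26 | 000,000,344 | -H-- | M] () -- C:\ProgramData\38133496",
    r"[2011/07/08 14:16:21 | 000,382,976 | -H-- | M] (CACE Technologies, Inc.) -- C:\ProgramData\38133496.exe",
    r"[2011/07/08 14:06:15 | 000,475,136 | -H-- | M] (CACE Technologies, Inc.) -- C:\ProgramData\eHmcHPSHLtmC.exe",
    r"[2011/07/08 14:16:51 | 000,000,232 | -H-- | C] () -- C:\ProgramData\~38133496",
    r"[2010/04/24 05:26:25 | 000,000,000 | -H-- | C] () -- C:\ProgramData\LauncherAccess.dt",
    r"[2011/06/15 15:12:55 | 000,000,000 | -H-D | C] -- C:\Program Files\iTunes",
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1",
    r"O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1",
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5",
    r"@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:AB689DEA",
    r"@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:15024E60",
]
SCAN_TIME = datetime(2011, 7, 9, 17, 0)  # day the log in post #1 was taken


def triage_sample() -> list:
    return triage(SAMPLE_LINES, SCAN_TIME)
```

Against the sample it reports exactly the six rogue files the moderator's :OTL block deletes, the two DisableTaskMgr policies and the two streams, and nothing else. Run it on a whole log with `triage(open(path).read().splitlines(), scan_time)`. The time window matters: the rogue set the hidden attribute on every file on the drive (which is why the fix runs `attrib -H c:\*.* /s /d`), so "hidden" by itself would also flag old, legitimate entries such as the 2010 LauncherAccess.dt in the sample.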

#3 bloggs24 (Topic Starter, Member, 32 posts)
Sorry, I have been without internet for a couple of days. From what I can tell, the only thing remaining is the browser redirect. Thanks for your help so far.

RogueKiller V5.2.7 [06/30/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User: Emmaline [Admin rights]
Mode: Shortcuts HJfix -- Date : 07/10/2011 13:44:14

Bad processes: 0

File attributes restored:
Desktop: Success 166 / Fail 0
Quick launch: Success 20 / Fail 0
Programs: Success 668 / Fail 0
Start menu: Success 110 / Fail 0
User folder: Success 11248 / Fail 0
My documents: Success 900 / Fail 0
My favorites: Success 70 / Fail 0
My pictures: Success 844 / Fail 0
My music: Success 1622 / Fail 0
My videos: Success 9 / Fail 0
Local drives: Success 771 / Fail 0
Backup: [FOUND] Success 5 / Fail 231

Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped
[F:] \Device\HarddiskVolume5 -- 0x2 --> Restored

Finished : << RKreport[1].txt >>
RKreport[1].txt



OTL logfile created on: 7/10/2011 1:56:53 PM - Run 3
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Emmaline\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

4.00 Gb Total Physical Memory | 2.94 Gb Available Physical Memory | 73.43% Memory free
8.00 Gb Paging File | 6.78 Gb Available in Paging File | 84.84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.52 Gb Total Space | 3.59 Gb Free Space | 4.81% Space Free | Partition Type: NTFS
Drive D: | 208.92 Gb Total Space | 208.69 Gb Free Space | 99.89% Space Free | Partition Type: NTFS
Drive E: | 4.04 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 14.92 Gb Total Space | 14.92 Gb Free Space | 99.95% Space Free | Partition Type: FAT32
Drive G: | 239.73 Mb Total Space | 5.07 Mb Free Space | 2.11% Space Free | Partition Type: FAT

Computer Name: EMMALINE-PC | User Name: Emmaline | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/09 16:41:54 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Emmaline\Desktop\OTL.exe
PRC - [2011/04/03 18:31:07 | 000,400,760 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\BitTorrent\BitTorrent.exe
PRC - [2011/01/20 19:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2010/06/30 21:32:40 | 000,344,064 | ---- | M] (SlipStream Data Inc.) -- C:\Program Files (x86)\Dodo Speed Accelerator\slipcore.exe
PRC - [2010/06/30 21:32:40 | 000,229,376 | ---- | M] (SlipStream Data Inc.) -- C:\Program Files (x86)\Dodo Speed Accelerator\slipgui.exe
PRC - [2009/11/25 07:45:36 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
PRC - [2009/11/13 04:10:06 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2009/11/10 13:20:36 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009/10/27 14:29:32 | 006,998,656 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2009/10/27 04:10:42 | 000,174,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2009/10/10 22:59:00 | 000,239,720 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvSCPAPISvr.exe
PRC - [2009/08/20 14:31:48 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2009/06/20 04:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009/06/20 04:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2009/06/16 11:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
PRC - [2009/05/19 09:58:38 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2008/12/23 11:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
PRC - [2008/08/14 15:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
PRC - [2007/12/01 05:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
PRC - [2007/11/28 12:13:44 | 000,385,024 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe


========== Modules (SafeList) ==========

MOD - [2011/07/09 16:41:54 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Emmaline\Desktop\OTL.exe
MOD - [2010/08/21 15:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/11/09 02:52:56 | 000,836,504 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV:64bit: - [2010/09/23 11:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/09/18 05:36:34 | 000,359,552 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2009/07/30 00:06:07 | 000,570,632 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV:64bit: - [2009/07/30 00:06:05 | 000,917,768 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy)
SRV:64bit: - [2009/07/30 00:05:42 | 000,595,960 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw)
SRV:64bit: - [2009/07/14 11:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/03/19 06:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/10 13:20:36 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009/10/10 22:59:00 | 000,239,720 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Windows\SysWOW64\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009/09/15 11:03:42 | 000,044,312 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe -- (OberonGameConsoleService)
SRV - [2009/06/16 11:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009/06/11 07:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/03/31 20:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
SRV - [2007/06/01 10:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/06/01 10:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/06/01 17:57:53 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 16:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 16:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/09/23 17:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/07/31 03:30:26 | 000,309,840 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmxpflt.sys -- (tmxpflt)
DRV:64bit: - [2010/07/31 03:30:20 | 000,042,576 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmpreflt.sys -- (tmpreflt)
DRV:64bit: - [2010/07/31 03:24:14 | 001,988,176 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vsapint.sys -- (vsapint)
DRV:64bit: - [2009/10/15 19:23:19 | 000,117,760 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2009/10/06 02:33:59 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/09/11 09:31:56 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009/09/05 09:13:24 | 000,216,576 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2009/08/22 07:48:17 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009/08/21 14:24:03 | 000,084,512 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/08/19 04:44:19 | 000,236,544 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/30 00:06:59 | 000,339,984 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmwfp.sys -- (tmwfp)
DRV:64bit: - [2009/07/30 00:06:59 | 000,107,536 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2009/07/30 00:06:58 | 000,200,720 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmlwf.sys -- (tmlwf)
DRV:64bit: - [2009/07/21 03:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/14 11:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 11:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 11:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 11:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 10:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/11 06:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/11 06:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/11 06:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 06:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 06:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 06:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/06 04:15:55 | 001,806,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2009/05/19 08:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/14 03:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2009/02/20 03:10:14 | 000,150,656 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zgwhsnmea.sys -- (zgwhsnmea)
DRV:64bit: - [2009/02/20 03:10:10 | 000,150,656 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zgwhsmdm.sys -- (zgwhsmdm)
DRV:64bit: - [2009/02/20 03:10:06 | 000,150,656 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zgwhsdiag.sys -- (zgwhsdiag)
DRV:64bit: - [2008/05/24 11:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2010/04/24 05:30:34 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/07/03 11:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {5b99c55c-ae59-4d93-bc3b-ed0c8df4da08} - C:\Program Files (x86)\freetrialdownloads-EN\tbfree.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {867dd841-5bf7-44ca-8426-c5a6eda00735} - C:\Program Files (x86)\Max_EN\tbMax_.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 20 61 C7 C3 65 B7 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {5b99c55c-ae59-4d93-bc3b-ed0c8df4da08} - C:\Program Files (x86)\freetrialdownloads-EN\tbfree.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {867dd841-5bf7-44ca-8426-c5a6eda00735} - C:\Program Files (x86)\Max_EN\tbMax_.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\FirefoxExtension [2010/02/19 14:16:25 | 000,000,000 | ---D | M]

[2010/03/17 10:02:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Emmaline\AppData\Roaming\Mozilla\Extensions
[2010/03/17 10:02:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Emmaline\AppData\Roaming\Mozilla\Extensions\[email protected]

O1 HOSTS File: ([2011/07/10 13:53:01 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (ALOT Toolbar Helper) - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:\Program Files (x86)\alot\bin\BHO\alotBHO.dll (Vertro)
O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (Trend Micro Inc.)
O2 - BHO: (freetrialdownloads-EN Toolbar) - {5b99c55c-ae59-4d93-bc3b-ed0c8df4da08} - C:\Program Files (x86)\freetrialdownloads-EN\tbfree.dll (Conduit Ltd.)
O2 - BHO: (Max EN Toolbar) - {867dd841-5bf7-44ca-8426-c5a6eda00735} - C:\Program Files (x86)\Max_EN\tbMax_.dll (Conduit Ltd.)
O2 - BHO: (NOW!Imaging) - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files (x86)\Dodo Speed Accelerator\components\NOWImaging.dll (SlipStream Data Inc.)
O2 - BHO: (Prefetch) - {A66AA08A-9BF0-4e87-99E6-6972731D6B99} - C:\Program Files (x86)\Dodo Speed Accelerator\Prefetch.dll (SlipStream Data Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (ALOT Toolbar) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files (x86)\alot\bin\alot.dll (Vertro)
O3 - HKLM\..\Toolbar: (freetrialdownloads-EN Toolbar) - {5b99c55c-ae59-4d93-bc3b-ed0c8df4da08} - C:\Program Files (x86)\freetrialdownloads-EN\tbfree.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Max EN Toolbar) - {867dd841-5bf7-44ca-8426-c5a6eda00735} - C:\Program Files (x86)\Max_EN\tbMax_.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Trend Micro Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (Trend Micro Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (freetrialdownloads-EN Toolbar) - {5B99C55C-AE59-4D93-BC3B-ED0C8DF4DA08} - C:\Program Files (x86)\freetrialdownloads-EN\tbfree.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Max EN Toolbar) - {867DD841-5BF7-44CA-8426-C5A6EDA00735} - C:\Program Files (x86)\Max_EN\tbMax_.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [EeeStorageBackup] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe ()
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Setwallpaper] File not found
O4 - HKLM..\Run: [SlipStream] C:\Program Files (x86)\Dodo Speed Accelerator\slipcore.exe (SlipStream Data Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [BitTorrent] C:\Program Files (x86)\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [eHmcHPSHLtmC] File not found
O4 - HKCU..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
O4 - Startup: C:\Users\Emmaline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Dodo Speed Accelerator\sliplsp.dll (SlipStream Data Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\Dodo Speed Accelerator\sliplsp.dll (SlipStream Data Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Dodo Speed Accelerator\sliplsp.dll (SlipStream Data Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\Dodo Speed Accelerator\sliplsp.dll (SlipStream Data Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (Trend Micro Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1b2e6a27-5c3a-11e0-ad7c-001e101f63cf}\Shell - "" = AutoRun
O33 - MountPoints2\{1b2e6a27-5c3a-11e0-ad7c-001e101f63cf}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{61618c62-1d0c-11df-87cc-e0cb4e68cf9e}\Shell - "" = AutoRun
O33 - MountPoints2\{61618c62-1d0c-11df-87cc-e0cb4e68cf9e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{61618c67-1d0c-11df-87cc-e0cb4e68cf9e}\Shell - "" = AutoRun
O33 - MountPoints2\{61618c67-1d0c-11df-87cc-e0cb4e68cf9e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{616190ad-1d0c-11df-87cc-001e101f1ed9}\Shell - "" = AutoRun
O33 - MountPoints2\{616190ad-1d0c-11df-87cc-001e101f1ed9}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{616190af-1d0c-11df-87cc-001e101f1ed9}\Shell - "" = AutoRun
O33 - MountPoints2\{616190af-1d0c-11df-87cc-001e101f1ed9}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9a13ccc4-7cf3-11e0-94c9-e0cb4e68cf9e}\Shell - "" = AutoRun
O33 - MountPoints2\{9a13ccc4-7cf3-11e0-94c9-e0cb4e68cf9e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a5de1273-60dd-11e0-9440-e0cb4e68cf9e}\Shell - "" = AutoRun
O33 - MountPoints2\{a5de1273-60dd-11e0-9440-e0cb4e68cf9e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/10 13:48:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/10 13:44:14 | 000,000,000 | ---D | C] -- C:\Users\Emmaline\Desktop\RK_Quarantine
[2011/07/10 13:38:20 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Emmaline\Desktop\OTL.exe
[2011/07/10 13:36:02 | 001,925,512 | ---- | C] (AVAST Software) -- C:\Users\Emmaline\Desktop\aswMBR.exe
[2011/06/30 14:20:37 | 000,000,000 | ---D | C] -- C:\Users\Emmaline\AppData\Local\{1EC2DE02-C53E-45CB-84AB-67886C192C60}
[2011/06/26 23:30:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Shrink
[2011/06/26 23:30:56 | 000,000,000 | ---D | C] -- C:\ProgramData\DVD Shrink
[2011/06/26 23:30:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVD Shrink
[2011/06/24 14:48:47 | 000,000,000 | ---D | C] -- C:\Users\Emmaline\AppData\Local\YoYo_Games_Ltd
[2011/06/15 15:13:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/06/15 15:12:55 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/06/15 15:12:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/06/15 15:12:55 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/05/17 10:42:41 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkinpa.dll
[2011/05/17 10:42:40 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkserv.dll
[2011/05/17 10:42:40 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkusb1.dll
[2011/05/17 10:42:40 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkhbn3.dll
[2011/05/17 10:42:40 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkcomc.dll
[2011/05/17 10:42:40 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkpmui.dll
[2011/05/17 10:42:40 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbklmpm.dll
[2011/05/17 10:42:40 | 000,537,256 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkcoms.exe
[2011/05/17 10:42:40 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkcomm.dll
[2011/05/17 10:42:40 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkiesc.dll
[2011/05/17 10:42:40 | 000,385,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkih.exe
[2011/05/17 10:42:40 | 000,381,608 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkcfg.exe
[2011/05/17 10:42:40 | 000,180,904 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkppls.exe
[2011/05/17 10:42:40 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkprox.dll
[2011/05/17 10:42:40 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkpplc.dll

========== Files - Modified Within 30 Days ==========

[2011/07/10 13:55:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/10 13:55:04 | 3220,647,936 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/10 13:53:01 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/07/10 13:49:47 | 000,736,514 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/07/10 13:49:47 | 000,635,506 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/07/10 13:49:47 | 000,113,400 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/07/10 13:37:52 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/10 13:37:52 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/10 13:36:04 | 001,925,512 | ---- | M] (AVAST Software) -- C:\Users\Emmaline\Desktop\aswMBR.exe
[2011/07/10 13:34:18 | 000,516,608 | ---- | M] () -- C:\Users\Emmaline\Desktop\RogueKiller.exe
[2011/07/10 13:33:26 | 000,684,297 | ---- | M] () -- C:\Users\Emmaline\Desktop\unhide.exe
[2011/07/09 16:41:54 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Emmaline\Desktop\OTL.exe
[2011/07/08 14:23:20 | 000,002,038 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2011/07/04 14:52:10 | 000,482,472 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/06/23 20:24:17 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2011/06/17 17:54:55 | 000,005,632 | ---- | M] () -- C:\Users\Emmaline\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/15 15:13:31 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

========== Files Created - No Company Name ==========

[2011/07/10 13:42:14 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\Splendid Utility.Lnk
[2011/07/10 13:42:14 | 000,001,086 | ---- | C] () -- C:\Users\Public\Desktop\RegistryBooster.lnk
[2011/07/10 13:42:13 | 009,789,440 | ---- | C] () -- C:\Users\Public\Desktop\Boingo Installer.msi
[2011/07/10 13:42:13 | 000,002,595 | ---- | C] () -- C:\Users\Public\Desktop\ControlDeck.lnk
[2011/07/10 13:42:13 | 000,002,595 | ---- | C] () -- C:\Users\Public\Desktop\AI Recovery Burner.lnk
[2011/07/10 13:42:13 | 000,002,356 | ---- | C] () -- C:\Users\Public\Desktop\Picture Package Music Transfer.lnk
[2011/07/10 13:42:13 | 000,002,256 | ---- | C] () -- C:\Users\Public\Desktop\PMB - Picture Motion Browser.lnk
[2011/07/10 13:42:13 | 000,002,186 | ---- | C] () -- C:\Users\Public\Desktop\Image Export Tool.lnk
[2011/07/10 13:42:13 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/07/10 13:42:13 | 000,001,867 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2011/07/10 13:42:13 | 000,001,858 | ---- | C] () -- C:\Users\Public\Desktop\ASUS WebStorage.lnk
[2011/07/10 13:42:13 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/07/10 13:42:13 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/07/10 13:42:13 | 000,001,756 | ---- | C] () -- C:\Users\Public\Desktop\ASUS MultiFrame.lnk
[2011/07/10 13:42:13 | 000,001,232 | ---- | C] () -- C:\Users\Public\Desktop\ASUS Data Security Manager.Lnk
[2011/07/10 13:42:13 | 000,001,108 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2011/07/10 13:42:13 | 000,001,090 | ---- | C] () -- C:\Users\Public\Desktop\LifeFrame.lnk
[2011/07/10 13:42:13 | 000,001,072 | ---- | C] () -- C:\Users\Public\Desktop\ASUS ACCESS.lnk
[2011/07/10 13:42:13 | 000,000,128 | ---- | C] () -- C:\Users\Public\Desktop\ASUS AP Bank.url
[2011/07/10 13:42:05 | 000,002,855 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk
[2011/07/10 13:42:05 | 000,002,617 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
[2011/07/10 13:42:05 | 000,002,030 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dodo Speed Accelerator.lnk
[2011/07/10 13:42:03 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/07/10 13:42:03 | 000,002,503 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[2011/07/10 13:42:03 | 000,002,488 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2011/07/10 13:42:03 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/07/10 13:42:03 | 000,002,419 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mobile Device Center.lnk
[2011/07/10 13:42:03 | 000,001,879 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
[2011/07/10 13:42:03 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/07/10 13:42:03 | 000,001,460 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2011/07/10 13:42:03 | 000,001,376 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2011/07/10 13:42:03 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2011/07/10 13:42:03 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011/07/10 13:42:03 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2011/07/10 13:42:03 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011/07/10 13:42:03 | 000,001,307 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2011/07/10 13:42:03 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2011/07/10 13:42:03 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2011/07/10 13:42:03 | 000,001,011 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat.com.lnk
[2011/07/10 13:38:20 | 000,516,608 | ---- | C] () -- C:\Users\Emmaline\Desktop\RogueKiller.exe
[2011/07/10 13:38:19 | 000,684,297 | ---- | C] () -- C:\Users\Emmaline\Desktop\unhide.exe
[2011/05/17 10:42:41 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXBKinst.dll
[2011/05/17 10:42:40 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\lxbkutil.dll
[2011/03/03 05:23:29 | 000,005,632 | ---- | C] () -- C:\Users\Emmaline\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/24 05:43:16 | 000,722,802 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/04/24 05:26:25 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2010/04/24 05:19:39 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2010/01/15 21:00:47 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010/01/15 20:49:55 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\LogonStart.dll
[2009/10/26 13:38:20 | 000,000,176 | ---- | C] () -- C:\Windows\explorer.exe.config
[2009/10/10 22:59:00 | 000,095,848 | ---- | C] () -- C:\Windows\SysWow64\nvimage.dll
[2009/08/19 18:33:09 | 000,018,432 | ---- | C] () -- C:\Windows\OOBEPlayer.exe
[2009/08/19 18:33:09 | 000,000,035 | ---- | C] () -- C:\Windows\OOBEPlayer.ini
[2009/07/29 15:20:40 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2009/07/14 15:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 12:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 12:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 10:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 09:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 07:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/11 07:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2010/02/19 15:00:22 | 000,000,000 | ---D | M] -- C:\Users\Emmaline\AppData\Roaming\Asus WebStorage
[2011/07/10 13:57:15 | 000,000,000 | ---D | M] -- C:\Users\Emmaline\AppData\Roaming\BitTorrent
[2011/06/01 18:02:15 | 000,000,000 | ---D | M] -- C:\Users\Emmaline\AppData\Roaming\DAEMON Tools Lite
[2011/07/04 20:50:59 | 000,000,000 | ---D | M] -- C:\Users\Emmaline\AppData\Roaming\FrostWire
[2010/02/20 02:37:54 | 000,000,000 | ---D | M] -- C:\Users\Emmaline\AppData\Roaming\GameConsole
[2011/05/20 21:08:16 | 000,000,000 | ---D | M] -- C:\Users\Emmaline\AppData\Roaming\GameMaker
[2011/06/01 22:41:30 | 000,000,000 | ---D | M] -- C:\Users\Emmaline\AppData\Roaming\ImgBurn
[2010/12/18 04:39:35 | 000,000,000 | ---D | M] -- C:\Users\Emmaline\AppData\Roaming\Samsung
[2010/11/05 10:40:19 | 000,000,000 | ---D | M] -- C:\Users\Emmaline\AppData\Roaming\Uniblue
[2011/02/04 02:42:30 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:15024E60
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:734E442A
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:A724744F
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:B88E99C8

< End of report >


aswMBR version 0.9.7.705 Copyright © 2011 AVAST Software
Run date: 2011-07-10 14:01:35
-----------------------------
14:01:35.408 OS Version: Windows x64 6.1.7600
14:01:35.408 Number of processors: 2 586 0x170A
14:01:35.408 ComputerName: EMMALINE-PC UserName: Emmaline
14:01:36.578 Initialize success
14:03:37.185 AVAST engine defs: 11070901
14:03:56.934 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006d
14:03:56.950 Disk 0 Vendor: ST932032 0002 Size: 305245MB BusType: 3
14:03:59.025 Disk 0 MBR read successfully
14:03:59.040 Disk 0 MBR scan
14:03:59.040 Disk 0 unknown MBR code
14:03:59.056 Service scanning
14:04:08.931 Disk 0 trace - called modules:
14:04:08.946 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8004232254]<<
14:04:08.962 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004213060]
14:04:08.962 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa800413ce40]
14:04:08.962 5 ACPI.sys[fffff88000ec6781] -> nt!IofCallDriver -> \Device\0000006d[0xfffffa8004078730]
14:04:08.978 \Driver\nvstor64[0xfffffa8004075ac0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8004232254
14:04:10.257 AVAST engine scan C:\Windows
14:24:23.588 File: C:\Windows\System32\drivers\en-US\bfe.dll.mui **SUSPICIOUS**
14:24:24.493 File: C:\Windows\System32\drivers\en-US\ndiscap.sys.mui **SUSPICIOUS**
14:24:24.633 File: C:\Windows\System32\drivers\en-US\pacer.sys.mui **SUSPICIOUS**
14:24:24.867 File: C:\Windows\System32\drivers\en-US\qwavedrv.sys.mui **SUSPICIOUS**
14:24:24.961 File: C:\Windows\System32\drivers\en-US\scfilter.sys.mui **SUSPICIOUS**
14:24:25.117 File: C:\Windows\System32\drivers\en-US\tcpip.sys.mui **SUSPICIOUS**
14:24:35.616 File: C:\Windows\System32\drivers\wimmount.sys **SUSPICIOUS**
15:26:28.353 AVAST engine scan C:\Users\Emmaline
15:28:54.525 File: C:\Users\Emmaline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7ZTTRG0Y\calc[1].exe **INFECTED** Win32:Rootkit-gen [Rtk]
15:31:18.841 File: C:\Users\Emmaline\AppData\Local\Temp\Low\9b88.exe **INFECTED** Win32:Dropper-GTG [Drp]
15:31:20.027 File: C:\Users\Emmaline\AppData\Local\Temp\Low\tmp674B.tmp **INFECTED** Win32:Rootkit-gen [Rtk]
15:43:02.588 AVAST engine scan C:\ProgramData
15:45:48.229 Scan finished successfully
15:53:41.418 Disk 0 MBR has been saved successfully to "F:\MBR.dat"
15:53:41.434 The log file has been saved successfully to "F:\log thingyyy.txt"
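The OTL sections above (O4 Run values, O10 Winsock LSPs, O17 DNS, O33 MountPoints2) are what a helper reads by eye. The Python below, added here as an example and not part of the posted log or of OTL itself, applies the same first-pass rules mechanically: a Run value whose target is "File not found" is an orphaned autostart; a value name with almost no vowels, such as eHmcHPSHLtmC, looks machine-generated; a binary with no publisher string running from a user-writable path is worth a look; a non-Microsoft Protocol_Catalog9 DLL is a third-party LSP that sees all socket traffic; a DhcpNameServer outside RFC 1918 space should be checked against the ISP; and cached MountPoints2 AutoRun commands show what ran when removable media was inserted. The sample lines are copied from the log above except the [XqzvtLkpr] line, which is constructed to exercise the user-writable-path rule; the vowel threshold, the directory list and the Finding structure are this example's own choices.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List

# Constructed sample input: lines taken from the OTL log posted above, plus one
# line ([XqzvtLkpr] ... sample.exe) that is NOT in the posted log and exists only
# to exercise the "no publisher, user-writable path" rule.
SAMPLE_LOG = r"""
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4 - HKLM..\Run: [Setwallpaper] File not found
O4 - HKCU..\Run: [BitTorrent] C:\Program Files (x86)\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [eHmcHPSHLtmC] File not found
O4 - HKCU..\Run: [XqzvtLkpr] C:\Users\Emmaline\AppData\Local\Temp\Low\sample.exe ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Dodo Speed Accelerator\sliplsp.dll (SlipStream Data Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
"""

# OTL line shapes this example understands (the 64-bit variants carry a ":64bit:" tag).
O4_RE = re.compile(r"^O4(?::64bit:)? - (HKLM|HKCU)\.\.\\Run: \[([^\]]+)\] (.*)$")
TARGET_RE = re.compile(r"^(.*?) \(([^()]*)\)$")          # "<path> (<publisher>)"
O10_RE = re.compile(r"^O10(?::64bit:)? - Protocol_Catalog9\\Catalog_Entries\\\d+ - (.*?) \(([^()]*)\)$")
O17_RE = re.compile(r"^O17 - .*DhcpNameServer = (.+)$")
O33_RE = re.compile(r'^O33 - MountPoints2\\(.+?)\\Shell\\AutoRun\\command - "" = (.+)$')

# Directories a non-admin user can write to; an autostart here with no publisher is a classic rogue sign.
SUSPECT_DIRS = ("\\temp\\", "\\appdata\\local\\", "\\appdata\\roaming\\")
VOWELS = set("aeiouy")


@dataclass
class Finding:
    kind: str    # OTL section the rule fired on, e.g. "O4"
    item: str    # Run value name, DLL path, volume or server the finding is about
    reason: str


def looks_random(name: str) -> bool:
    """Heuristic: 8+ letters with under 15% vowels reads like a generated name, not a product name."""
    letters = [c for c in name.lower() if c.isalpha()]
    if len(letters) < 8:
        return False
    return sum(c in VOWELS for c in letters) / len(letters) < 0.15


def triage(log_text: str) -> List[Finding]:
    """Run the first-pass rules over OTL log text and return everything worth a second look."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            hive, name, target = m.groups()
            if target == "File not found":
                findings.append(Finding("O4", name, f"{hive} Run value whose target is missing (orphaned autostart)"))
            else:
                t = TARGET_RE.match(target)
                path, company = (t.group(1), t.group(2)) if t else (target, "")
                if not company and any(d in path.lower() for d in SUSPECT_DIRS):
                    findings.append(Finding("O4", name, f"no publisher and runs from user-writable path {path}"))
            if looks_random(name):
                findings.append(Finding("O4", name, "value name looks machine-generated"))
            continue
        m = O10_RE.match(line)
        if m:
            path, company = m.groups()
            if "microsoft" not in company.lower():
                findings.append(Finding("O10", path, f"third-party Winsock LSP ({company or 'no publisher'}) sees all socket traffic"))
            continue
        m = O17_RE.match(line)
        if m:
            for server in m.group(1).split():
                try:
                    ip = ipaddress.ip_address(server)
                except ValueError:
                    findings.append(Finding("O17", server, "DhcpNameServer is not a valid IP address"))
                    continue
                if not ip.is_private:
                    findings.append(Finding("O17", server, "DNS server outside RFC 1918 space; confirm it belongs to the ISP"))
            continue
        m = O33_RE.match(line)
        if m:
            volume, command = m.groups()
            findings.append(Finding("O33", volume, f"cached AutoRun command {command}; shows what ran when that volume was inserted"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:4} {f.item:40} {f.reason}")
```

On the sample, the rules flag Setwallpaper (orphaned), eHmcHPSHLtmC (orphaned and machine-generated), the constructed XqzvtLkpr line, the SlipStream LSP and the F: AutoRun command, while ETDWare, BitTorrent and the private DhcpNameServer pass. To run it over a full log, pass `open(path).read()` to `triage`; every hit still needs a human decision, since an orphaned Run value is just as often the leftover of an uninstalled program as of removed malware.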

#4 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
OK, it is now time to find out what variant of TDL you have.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL


    :Files
    ipconfig /flushdns /c
    attrib -H c:\*.* /s /d /c
    C:\Users\Emmaline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7ZTTRG0Y\calc[1].exe
    C:\Users\Emmaline\AppData\Local\Temp\Low\9b88.exe
    C:\Users\Emmaline\AppData\Local\Temp\Low\tmp674B.tmp

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

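aswMBR above reported "unknown MBR code", a call trace ending in an UNKNOWN module behind nvstor64, and saved the sector to F:\MBR.dat; the moderator's next step is to identify the TDL variant. The Python below is an added example, not code from the thread, from aswMBR or from TDSSKiller, showing the checks a practitioner runs on such a dump offline: boot signature, partition-table sanity, a hash of the 440-byte code area against a known-good copy, and the amount of unpartitioned space after the last partition, where TDL-family bootkits keep their hidden store. The disk size, the partition layout and the placeholder boot-code bytes are constructed for the example and are not read from the poster's disk; the 1 MiB slack threshold is this example's own choice.

```python
import hashlib
import struct
from dataclasses import dataclass
from itertools import combinations
from typing import List, Optional

SECTOR = 512
BOOT_CODE_LEN = 440      # bytes 0..439: the boot code a bootkit replaces
PART_TABLE_OFF = 446     # four 16-byte partition entries
SIG_OFF = 510            # 0x55 0xAA boot signature
SLACK_LIMIT = 2048       # more than 1 MiB of unpartitioned tail sectors is worth a look (example threshold)


@dataclass
class Partition:
    index: int
    active: bool
    type_id: int
    lba_start: int
    sectors: int

    @property
    def lba_end(self) -> int:   # exclusive end sector
        return self.lba_start + self.sectors


def parse_partitions(mbr: bytes) -> List[Partition]:
    """Decode the four classic MBR partition entries; empty slots (type 0) are skipped."""
    parts = []
    for i in range(4):
        # entry: status, 3-byte CHS start, type, 3-byte CHS end, LBA start, sector count
        status, type_id, start, count = struct.unpack_from("<B3xB3xII", mbr, PART_TABLE_OFF + 16 * i)
        if type_id != 0:
            parts.append(Partition(i, status == 0x80, type_id, start, count))
    return parts


def boot_code_digest(mbr: bytes) -> str:
    """SHA-256 of the code area only, so a changed disk signature or table cannot mask a code swap."""
    return hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()


def check_mbr(mbr: bytes, disk_sectors: int, known_good_digest: Optional[str] = None) -> List[str]:
    """Return a list of findings for one 512-byte MBR; an empty list means nothing stood out."""
    if len(mbr) < SECTOR:
        raise ValueError("need at least one 512-byte sector")
    findings: List[str] = []
    if mbr[SIG_OFF:SIG_OFF + 2] != b"\x55\xaa":
        findings.append("boot signature 0x55AA missing")
    parts = parse_partitions(mbr)
    if sum(p.active for p in parts) > 1:
        findings.append("more than one active partition")
    for p in parts:
        if p.lba_start == 0 or p.lba_end > disk_sectors:
            findings.append(f"partition {p.index} lies outside the disk")
    for a, b in combinations(parts, 2):
        if a.lba_start < b.lba_end and b.lba_start < a.lba_end:
            findings.append(f"partitions {a.index} and {b.index} overlap")
    tail = disk_sectors - max((p.lba_end for p in parts), default=1)
    if tail > SLACK_LIMIT:
        findings.append(f"{tail} unpartitioned sectors after the last partition")
    if known_good_digest and boot_code_digest(mbr) != known_good_digest:
        findings.append("boot code differs from the known-good copy")
    return findings


def build_sample_mbr(code: bytes, entries) -> bytes:
    """Assemble a 512-byte MBR for the example (constructed, not a dump of the poster's disk)."""
    buf = bytearray(SECTOR)
    buf[:len(code)] = code
    struct.pack_into("<I", buf, 440, 0x1234ABCD)          # disk signature
    for i, (active, type_id, start, count) in enumerate(entries):
        struct.pack_into("<B3xB3xII", buf, PART_TABLE_OFF + 16 * i, 0x80 if active else 0, type_id, start, count)
    buf[SIG_OFF:SIG_OFF + 2] = b"\x55\xaa"
    return bytes(buf)


# Constructed geometry: a 320 GB-class disk with Windows 7's usual "System Reserved" + C: layout.
DISK_SECTORS = 625_142_448
CLEAN_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 20   # placeholder bytes, not a real loader
CLEAN_MBR = build_sample_mbr(CLEAN_CODE, [
    (True, 0x07, 2048, 204_800),                                 # 100 MB System Reserved
    (False, 0x07, 206_848, DISK_SECTORS - 206_848 - 1000),       # C: ends 1000 sectors short of the disk end
])
CLEAN_DIGEST = boot_code_digest(CLEAN_MBR)   # what a backup taken before infection would give you

# Tampered copy: boot code replaced and the last partition shrunk to free tail space for a hidden store.
TAMPERED_MBR = build_sample_mbr(b"\xeb\xfe" + CLEAN_CODE[2:], [
    (True, 0x07, 2048, 204_800),
    (False, 0x07, 206_848, DISK_SECTORS - 206_848 - 20_480),
])

if __name__ == "__main__":
    for label, mbr in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        print(label, check_mbr(mbr, DISK_SECTORS, CLEAN_DIGEST) or ["no findings"])
```

For a real dump, `check_mbr(open("F:/MBR.dat", "rb").read(), disk_sectors, digest)` needs the disk's sector count from the OS and a digest of a known-good MBR (a backup, or the same OEM image on an uninfected machine); without the digest the code check is skipped and only the structural checks run. Tail slack on its own proves nothing, since many disks legitimately end with a small gap, which is why the threshold sits well above the alignment padding a normal installer leaves.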

#5 bloggs24 (Topic Starter, Member, 32 posts)
Hi, the OTL log file was over 20 MB so I'll have to upload it...

2011/07/13 20:44:05.0692 1504 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/13 20:44:05.0786 1504 ================================================================================
2011/07/13 20:44:05.0786 1504 SystemInfo:
2011/07/13 20:44:05.0786 1504
2011/07/13 20:44:05.0786 1504 OS Version: 6.1.7600 ServicePack: 0.0
2011/07/13 20:44:05.0786 1504 Product type: Workstation
2011/07/13 20:44:05.0786 1504 ComputerName: EMMALINE-PC
2011/07/13 20:44:05.0786 1504 UserName: Emmaline
2011/07/13 20:44:05.0786 1504 Windows directory: C:\Windows
2011/07/13 20:44:05.0786 1504 System windows directory: C:\Windows
2011/07/13 20:44:05.0786 1504 Running under WOW64
2011/07/13 20:44:05.0786 1504 Processor architecture: Intel x64
2011/07/13 20:44:05.0786 1504 Number of processors: 2
2011/07/13 20:44:05.0786 1504 Page size: 0x1000
2011/07/13 20:44:05.0786 1504 Boot type: Normal boot
2011/07/13 20:44:05.0786 1504 ================================================================================
2011/07/13 20:44:17.0252 1504 Initialize success
2011/07/13 20:44:23.0320 2040 ================================================================================
2011/07/13 20:44:23.0320 2040 Scan started
2011/07/13 20:44:23.0320 2040 Mode: Manual;
2011/07/13 20:44:23.0320 2040 ================================================================================
2011/07/13 20:44:26.0768 2040 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/07/13 20:44:26.0814 2040 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/07/13 20:44:26.0877 2040 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/07/13 20:44:26.0939 2040 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/07/13 20:44:26.0970 2040 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/07/13 20:44:27.0080 2040 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/07/13 20:44:27.0267 2040 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
2011/07/13 20:44:27.0329 2040 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/07/13 20:44:27.0454 2040 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/07/13 20:44:27.0485 2040 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/07/13 20:44:27.0516 2040 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/07/13 20:44:27.0548 2040 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/07/13 20:44:27.0594 2040 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
2011/07/13 20:44:27.0641 2040 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/07/13 20:44:27.0672 2040 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
2011/07/13 20:44:27.0750 2040 AmUStor (9c7f164b49cadc658d1b3c575782f346) C:\Windows\system32\drivers\AmUStor.SYS
2011/07/13 20:44:27.0875 2040 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/07/13 20:44:28.0000 2040 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/07/13 20:44:28.0016 2040 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/07/13 20:44:28.0187 2040 AsDsm (88fbc8bebfd38566235eaa5e4dbc4e05) C:\Windows\system32\drivers\AsDsm.sys
2011/07/13 20:44:28.0312 2040 ASMMAP64 (4c016fd76ed5c05e84ca8cab77993961) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
2011/07/13 20:44:28.0452 2040 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/07/13 20:44:28.0515 2040 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/07/13 20:44:28.0577 2040 athr (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys
2011/07/13 20:44:28.0827 2040 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/07/13 20:44:28.0905 2040 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/07/13 20:44:28.0967 2040 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/07/13 20:44:29.0014 2040 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/07/13 20:44:29.0092 2040 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
2011/07/13 20:44:29.0154 2040 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/07/13 20:44:29.0170 2040 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/07/13 20:44:29.0217 2040 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/07/13 20:44:29.0248 2040 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/07/13 20:44:29.0279 2040 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/07/13 20:44:29.0295 2040 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/07/13 20:44:29.0326 2040 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/07/13 20:44:29.0420 2040 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/07/13 20:44:29.0466 2040 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/07/13 20:44:29.0529 2040 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/07/13 20:44:29.0591 2040 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/07/13 20:44:29.0716 2040 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/07/13 20:44:29.0747 2040 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/07/13 20:44:29.0794 2040 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/07/13 20:44:29.0919 2040 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/07/13 20:44:29.0966 2040 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/07/13 20:44:30.0090 2040 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/07/13 20:44:30.0246 2040 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
2011/07/13 20:44:30.0293 2040 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/07/13 20:44:30.0356 2040 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/07/13 20:44:30.0449 2040 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/07/13 20:44:30.0527 2040 dtsoftbus01 (fb9bef3401ee5ecc2603311b9c64f44a) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
2011/07/13 20:44:30.0590 2040 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
2011/07/13 20:44:30.0714 2040 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/07/13 20:44:30.0995 2040 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/07/13 20:44:31.0042 2040 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/07/13 20:44:31.0089 2040 ETD (3c38648375b7f3988691f53a7aae10a9) C:\Windows\system32\DRIVERS\ETD.sys
2011/07/13 20:44:31.0198 2040 ewusbnet (bc02aa6c20f6851f42d7b7755274ad29) C:\Windows\system32\DRIVERS\ewusbnet.sys
2011/07/13 20:44:31.0260 2040 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/07/13 20:44:31.0292 2040 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/07/13 20:44:31.0338 2040 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/07/13 20:44:31.0401 2040 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/07/13 20:44:31.0432 2040 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/07/13 20:44:44.0895 2040 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
2011/07/13 20:44:44.0926 2040 Boot (0x1200) (2bfe1e7e3aec818ca1a70619613ba89e) \Device\Harddisk0\DR0\Partition0
2011/07/13 20:44:44.0957 2040 Boot (0x1200) (1ba7bff49712f4285ed24360af32e7d5) \Device\Harddisk0\DR0\Partition1
2011/07/13 20:44:44.0957 2040 ================================================================================
2011/07/13 20:44:44.0957 2040 Scan finished
2011/07/13 20:44:44.0957 2040 ================================================================================
2011/07/13 20:44:44.0973 2592 Detected object count: 0
2011/07/13 20:44:44.0973 2592 Actual detected object count: 0


The redirect problem is not fixed.
Also, I'm unable to change my background; it looks like it has changed the settings in regedit. How do I change it back?

#6
bloggs24

    Member

  • Topic Starter
  • Member
  • 32 posts
Sorry, double post.

Edited by bloggs24, 14 July 2011 - 07:06 AM.


#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's see if we can cure the redirects now.

Re-Run aswMBR

Click Scan

On completion of the scan

Click the FIXMBR Button


Reboot and then run a fresh aswMBR scan please.
Save the log as before and post it in your next reply.

#8
bloggs24

    Member

  • Topic Starter
  • Member
  • 32 posts
The redirects still aren't fixed; it didn't seem like aswMBR did anything when I hit Fixmbr.

aswMBR version 0.9.7.705 Copyright© 2011 AVAST Software
Run date: 2011-07-16 16:26:55
-----------------------------
16:26:55.410 OS Version: Windows x64 6.1.7600
16:26:55.410 Number of processors: 2 586 0x170A
16:26:55.426 ComputerName: EMMALINE-PC UserName: Emmaline
16:26:57.064 Initialize success
16:27:01.244 AVAST engine defs: 11071500
16:27:08.186 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006e
16:27:08.186 Disk 0 Vendor: ST932032 0002 Size: 305245MB BusType: 3
16:27:10.230 Disk 0 MBR read successfully
16:27:10.230 Disk 0 MBR scan
16:27:10.230 Disk 0 unknown MBR code
16:27:10.230 Service scanning
16:27:19.013 Disk 0 trace - called modules:
16:27:19.028 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8004233254]<<
16:27:19.028 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80042136e0]
16:27:19.044 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa800413cc20]
16:27:19.044 5 ACPI.sys[fffff88000f80781] -> nt!IofCallDriver -> \Device\0000006e[0xfffffa8004076630]
16:27:19.060 \Driver\nvstor64[0xfffffa8004074ac0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8004233254
16:27:19.746 AVAST engine scan C:\Windows
16:46:48.638 File: C:\Windows\System32\drivers\en-US\bfe.dll.mui **SUSPICIOUS**
16:46:49.528 File: C:\Windows\System32\drivers\en-US\ndiscap.sys.mui **SUSPICIOUS**
16:46:49.668 File: C:\Windows\System32\drivers\en-US\pacer.sys.mui **SUSPICIOUS**
16:46:49.918 File: C:\Windows\System32\drivers\en-US\qwavedrv.sys.mui **SUSPICIOUS**
16:46:50.027 File: C:\Windows\System32\drivers\en-US\scfilter.sys.mui **SUSPICIOUS**
16:46:50.198 File: C:\Windows\System32\drivers\en-US\tcpip.sys.mui **SUSPICIOUS**
16:47:01.586 File: C:\Windows\System32\drivers\wimmount.sys **SUSPICIOUS**
17:48:31.705 AVAST engine scan C:\Users\Emmaline
17:54:36.714 AVAST engine scan C:\ProgramData
17:55:09.427 Scan finished successfully
18:29:57.487 Disk 0 MBR has been saved successfully to "C:\Users\Emmaline\Desktop\MBR.dat"
18:29:57.503 The log file has been saved successfully to "C:\Users\Emmaline\Desktop\aswMBR.txt"

Edited by bloggs24, 16 July 2011 - 03:00 AM.

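The log above says "unknown MBR code" and saves the sector to MBR.dat. As an added example (not code from the thread, from aswMBR or from the driver-scan tool), here is a small Python parser for such a 512-byte MBR image: it checks the 0x55AA signature, lists the partition table, and hashes the boot-code region against a known-good set. It assumes the classic MBR layout and that the "MBR (0x1B8)" hash in the scan log above covers the first 0x1B8 bytes; the sample MBR bytes and the reference hash are constructed.

```python
"""Parse and triage a 512-byte MBR image (e.g. the MBR.dat saved by aswMBR).

Added example; not code from the thread, aswMBR or the driver-scan tool.
Assumptions (labelled): classic MBR layout (boot code, 4-byte disk signature
at 0x1B8, four 16-byte partition entries at 0x1BE, 0x55AA at 0x1FE), and that
the "MBR (0x1B8)" hash in the scan log above covers the first 0x1B8 bytes.
All sample bytes and the "known-good" hash set below are constructed.
"""
import hashlib
import struct

BOOT_CODE_LEN = 0x1B8     # boot code region, ends where the disk signature starts
PART_TABLE_OFF = 0x1BE    # start of the four partition entries
SIGNATURE_OFF = 0x1FE     # 0x55AA boot signature
ENTRY_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sectors


def parse_mbr(sector: bytes) -> dict:
    """Return signature state, disk signature, boot-code MD5 and partitions."""
    if len(sector) != 512:
        raise ValueError("MBR image must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, _, ptype, _, lba_start, sectors = struct.unpack(
            ENTRY_FMT, sector[off:off + 16])
        if ptype == 0:            # empty slot
            continue
        partitions.append({"index": i, "bootable": status == 0x80,
                           "type": ptype, "lba_start": lba_start,
                           "sectors": sectors})
    return {
        "signature_ok": sector[SIGNATURE_OFF:] == b"\x55\xaa",
        "disk_signature": struct.unpack("<I", sector[0x1B8:0x1BC])[0],
        "boot_code_md5": hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def triage(sector: bytes, known_good_md5: set) -> tuple:
    """Flag what an analyst would look at: bad signature, unknown boot code,
    and an unexpected number of active partitions."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["boot_code_md5"] not in known_good_md5:
        findings.append("boot code hash not in known-good set "
                        "(the kind of case aswMBR reports as 'unknown MBR code')")
    active = [p for p in info["partitions"] if p["bootable"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected 1)")
    return info, findings


def build_sample_mbr(boot_code: bytes, disk_signature: int = 0x1234ABCD) -> bytes:
    """Construct a demonstration MBR: padded boot code, disk signature,
    one active NTFS partition at LBA 2048 plus one data partition."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code too long")
    head = boot_code.ljust(BOOT_CODE_LEN, b"\x00")
    head += struct.pack("<IH", disk_signature, 0)          # sig + 2 reserved bytes
    entries = struct.pack(ENTRY_FMT, 0x80, b"\x20\x21\x00", 0x07,
                          b"\xfe\xff\xff", 2048, 204800)
    entries += struct.pack(ENTRY_FMT, 0x00, b"\xfe\xff\xff", 0x07,
                           b"\xfe\xff\xff", 206848, 409600)
    entries += b"\x00" * 32                                # two empty slots
    return head + entries + b"\x55\xaa"


# Constructed samples: a "clean" MBR, its hash as the only known-good value,
# and a copy whose boot code was patched (what a modified MBR looks like to a
# hash check, regardless of what the patched bytes do).
SAMPLE_CLEAN = build_sample_mbr(b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 8)
KNOWN_GOOD_MD5 = {parse_mbr(SAMPLE_CLEAN)["boot_code_md5"]}
SAMPLE_TAMPERED = SAMPLE_CLEAN[:0x10] + b"\xeb\xfe" + SAMPLE_CLEAN[0x12:]

if __name__ == "__main__":
    for name, image in (("clean", SAMPLE_CLEAN), ("tampered", SAMPLE_TAMPERED)):
        info, findings = triage(image, KNOWN_GOOD_MD5)
        print(name, info["boot_code_md5"], findings or "no findings")
```

To run it against a real image, read the 512 bytes of MBR.dat and pass them to `triage` with a reference hash set built from a known-clean system of the same Windows version.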

#9
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you download and run the updated version of aswMBR? We will try that, and if it fails we will need to use the Windows Recovery Console. Do you have the Windows disc? If not, I can give you a link to download and burn the recovery console.

Download aswMBR.exe (1.8 MB) to your desktop. This will be version 0.9.7.750.

Double-click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan, click Save log, save it to your desktop and post it in your next reply.

#10
bloggs24

    Member

  • Topic Starter
  • Member
  • 32 posts
Don't know if it's related, but the computer crashed once while doing a scan.

aswMBR version 0.9.7.753 Copyright© 2011 AVAST Software
Run date: 2011-07-17 12:23:17
-----------------------------
12:23:17.483 OS Version: Windows x64 6.1.7600
12:23:17.483 Number of processors: 2 586 0x170A
12:23:17.483 ComputerName: EMMALINE-PC UserName: Emmaline
12:23:18.387 Initialize success
12:23:22.537 AVAST engine defs: 11071601
12:23:32.505 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006d
12:23:32.521 Disk 0 Vendor: ST932032 0002 Size: 305245MB BusType: 3
12:23:34.565 Disk 0 MBR read successfully
12:23:34.565 Disk 0 MBR scan
12:23:34.565 Disk 0 unknown MBR code
12:23:34.580 Service scanning
12:23:35.922 Disk 0 trace - called modules:
12:23:35.984 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa800420d254]<<
12:23:35.984 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80041ee060]
12:23:35.984 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> [0xfffffa80044cbe40]
12:23:36.000 5 ACPI.sys[fffff88000f80781] -> nt!IofCallDriver -> \Device\0000006d[0xfffffa80040a6760]
12:23:36.000 \Driver\nvstor64[0xfffffa80036ac060] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa800420d254
12:23:36.749 AVAST engine scan C:\Windows
13:38:36.491 AVAST engine scan C:\Users\Emmaline
13:51:49.802 AVAST engine scan C:\ProgramData
13:54:43.040 Scan finished successfully
14:18:03.357 Disk 0 MBR has been saved successfully to "C:\Users\Emmaline\Desktop\MBR.dat"
14:18:03.357 The log file has been saved successfully to "C:\Users\Emmaline\Desktop\aswMBR.txt"
#11
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Do you have a Windows CD?

If not, could you create a recovery CD using the method described on this page.


The reasoning behind this is that we will need to fix the MBR whilst Windows is inactive, and this is the best and safest way to do it.

#12
bloggs24

    Member

  • Topic Starter
  • Member
  • 32 posts
OK, I've created the recovery CD.

#13
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's fix the MBR and see how it runs on completion.

  • Insert the disc and select start from the CD
  • Select Repair your computer.
  • Select the operating system you want to repair, and then click Next
  • Select Command Prompt
  • Type in the following command:

    Bootrec.exe /FixMbr
  • Once finished, type Exit

Reboot to normal Windows, re-run an aswMBR scan please, and post the resultant log.

#14
bloggs24

    Member

  • Topic Starter
  • Member
  • 32 posts
OK, I think I have a serious problem now. I've done what you said; the only thing different was that I changed the boot priority settings because I couldn't get it to boot from disc. After all that, when I rebooted the computer, I'm getting the BSOD; it flashes and restarts the computer. I've tried changing the boot priority settings back, I booted the recovery CD and tried both repair and system recovery, but they both fail to fix the problem.

EDIT: I've disabled auto restart on system failure, and the stop error is 0x0000007B

Edited by bloggs24, 20 July 2011 - 07:09 PM.


#15
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Can you first confirm that you have set the boot device back to the HDD?

Can you access Safe Mode?
Boot the computer and press and hold F8; at the menu, select Safe Mode.

If that fails:

Could you use the recovery CD again please, select Command Prompt and type in the following:

Bootrec.exe /FixBoot