Google redirect virus

#1 hafunui (Member, 13 posts)
Seems I've just got one of those Google redirecting viruses. It does not redirect every link though, just results for Wikipedia and some malware removal sites. Google also responds very slowly while all other sites are normal. I've followed the instructions in the "Google redirects" topic with no success.

I suppose I'll start off by posting the OTL log. While skimming through it I noticed that in "Windows\Tasks\" there are "GoogleUpdateTaskMachineCore.job" and "GoogleUpdateTaskMachineUA.job". I'm not an expert, but these are recent files and rather suspicious, so I thought I should mention it.

OTL logfile created on: 7/21/2011 9:51:46 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Nathan\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.51 Gb Available Physical Memory | 62.87% Memory free
8.00 Gb Paging File | 6.31 Gb Available in Paging File | 78.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 38.34 Gb Free Space | 16.47% Space Free | Partition Type: NTFS
Drive L: | 465.65 Gb Total Space | 60.50 Gb Free Space | 12.99% Space Free | Partition Type: FAT32
Drive Z: | 279.47 Gb Total Space | 67.76 Gb Free Space | 24.24% Space Free | Partition Type: NTFS

Computer Name: NATHANS-PC | User Name: Nathan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Nathan\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\DisplayFusion\DisplayFusionHookx86.exe (Binary Fortress Software)
PRC - C:\Windows\SysWOW64\CtHelper.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe ()


========== Modules (SafeList) ==========

MOD - C:\Users\Nathan\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files (x86)\DisplayFusion\DisplayFusionHookx86.dll (Binary Fortress Software)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (TabletServiceWacom) -- C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe (Wacom Technology, Corp.)
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (npggsvc) -- C:\Windows\SysWow64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (UnsignedThemes) -- C:\Windows\UnsignedThemesSvc.exe (The Within Network, LLC)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (GEST Service) -- C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe ()


========== Driver Services (SafeList) ==========

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (wacmoumonitor) -- C:\Windows\SysNative\drivers\wacmoumonitor.sys (Wacom Technology)
DRV:64bit: - (wacomvhid) -- C:\Windows\SysNative\drivers\wacomvhid.sys (Wacom Technology)
DRV:64bit: - (pbfilter) -- C:\Program Files\PeerBlock\pbfilter.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (uxpatch) -- C:\Windows\SysNative\drivers\uxpatch.sys ()
DRV:64bit: - (hap17v2k) -- C:\Windows\SysNative\drivers\haP17v2k.sys (Creative Technology Ltd)
DRV:64bit: - (hap16v2k) -- C:\Windows\SysNative\drivers\haP16v2k.sys (Creative Technology Ltd)
DRV:64bit: - (ha10kx2k) -- C:\Windows\SysNative\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV:64bit: - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd)
DRV:64bit: - (CTERFXFX.SYS) -- C:\Windows\SysNative\drivers\CTERFXFX.sys (Creative Technology Ltd)
DRV:64bit: - (CTERFXFX) -- C:\Windows\SysNative\drivers\CTERFXFX.sys (Creative Technology Ltd)
DRV:64bit: - (CTSBLFX.SYS) -- C:\Windows\SysNative\drivers\CTSBLFX.sys (Creative Technology Ltd)
DRV:64bit: - (CTSBLFX) -- C:\Windows\SysNative\drivers\CTSBLFX.sys (Creative Technology Ltd)
DRV:64bit: - (CTAUDFX.SYS) -- C:\Windows\SysNative\drivers\CTAUDFX.sys (Creative Technology Ltd)
DRV:64bit: - (CTAUDFX) -- C:\Windows\SysNative\drivers\CTAUDFX.sys (Creative Technology Ltd)
DRV:64bit: - (COMMONFX.SYS) -- C:\Windows\SysNative\drivers\COMMONFX.sys (Creative Technology Ltd)
DRV:64bit: - (COMMONFX) -- C:\Windows\SysNative\drivers\COMMONFX.sys (Creative Technology Ltd)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (cpuz132) -- C:\Windows\SysNative\drivers\cpuz132_x64.sys (Windows ® Codename Longhorn DDK provider)
DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\drivers\mcdbus.sys (MagicISO, Inc.)
DRV:64bit: - (CTHWIUT.DLL) -- C:\Windows\SysNative\CTHWIUT.DLL (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT.DLL) -- C:\Windows\SysNative\CT20XUT.DLL (Creative Technology Ltd.)
DRV:64bit: - (CTEXFIFX.DLL) -- C:\Windows\SysNative\CTEXFIFX.DLL (Creative Technology Ltd.)
DRV:64bit: - (CTEDSPSY.DLL) -- C:\Windows\SysNative\CTEDSPSY.DLL (Creative Technology Ltd)
DRV:64bit: - (CTEDSPIO.DLL) -- C:\Windows\SysNative\CTEDSPIO.DLL (Creative Technology Ltd)
DRV:64bit: - (CTEDSPFX.DLL) -- C:\Windows\SysNative\CTEDSPFX.DLL (Creative Technology Ltd)
DRV:64bit: - (CTEAPSFX.DLL) -- C:\Windows\SysNative\CTEAPSFX.DLL (Creative Technology Ltd)
DRV:64bit: - (wacommousefilter) -- C:\Windows\SysNative\drivers\wacommousefilter.sys (Wacom Technology)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\drivers\Rtlh64.sys (Realtek Corporation)
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows ® Server 2003 DDK provider)
DRV - (RivaTuner64) -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys ()
DRV - (etdrv) -- C:\Windows\etdrv.sys (Windows ® Server 2003 DDK provider)
DRV - (GVTDrv64) -- C:\Windows\GVTDrv64.sys ()
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows ® Server 2003 DDK provider)
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/iat/us_ca.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8F 02 28 32 51 54 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\SysWOW64\dvmurl.dll (DeviceVM Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.7.4
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.76
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.6
FF - prefs.js..extensions.enabledItems: {ca8b7b3d-b6e6-438f-b935-601b3de48d66}:1.1.5
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.3
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.17
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/06/22 17:44:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/03/25 21:51:56 | 000,000,000 | ---D | M]

[2010/11/19 16:36:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nathan\AppData\Roaming\Mozilla\Extensions
[2011/07/20 16:43:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\f4ovxkq4.default\extensions
[2011/02/03 09:46:59 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\f4ovxkq4.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2011/06/22 17:44:34 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\f4ovxkq4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/11/22 22:14:51 | 000,000,000 | ---D | M] (Firefox Throttle) -- C:\Users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\f4ovxkq4.default\extensions\{ca8b7b3d-b6e6-438f-b935-601b3de48d66}
[2011/03/25 21:51:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/11/10 19:35:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/20 21:25:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\USERS\NATHAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F4OVXKQ4.DEFAULT\EXTENSIONS\{1280606B-2510-4FE0-97EF-9B5A22EAFE30}.XPI
() (No name found) -- C:\USERS\NATHAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F4OVXKQ4.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI
() (No name found) -- C:\USERS\NATHAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F4OVXKQ4.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI
() (No name found) -- C:\USERS\NATHAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F4OVXKQ4.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
() (No name found) -- C:\USERS\NATHAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F4OVXKQ4.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\NATHAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F4OVXKQ4.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2011/06/22 17:44:26 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009/10/27 08:18:18 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/07/21 09:20:08 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AsioReg] File not found
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AsioThk32Reg] C:\Windows\SysWow64\ctasio.dll (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\Windows\SysWow64\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [DisplayFusion] C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe (Binary Fortress Software)
O4 - HKCU..\Run: [kFssrqWUYlqst] File not found
O4 - HKCU..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.100.1 192.168.1.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/31 17:24:24 | 000,000,000 | ---D | M] - L:\autorun -- [ FAT32 ]
O32 - AutoRun File - [2008/07/05 14:42:20 | 000,000,037 | -H-- | M] () - L:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{ef8bf434-c051-11de-94a9-00241dd8b335}\Shell - "" = AutoRun
O33 - MountPoints2\{ef8bf434-c051-11de-94a9-00241dd8b335}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -a
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\Autorun.exe
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\AutoRunCD.exe
O33 - MountPoints2\M\Shell - "" = AutoRun
O33 - MountPoints2\M\Shell\AutoRun\command - "" = M:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/21 09:44:32 | 000,000,000 | ---D | C] -- C:\Users\Nathan\Desktop\GooredFix Backups
[2011/07/21 09:20:05 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/07/21 09:10:11 | 000,000,000 | ---D | C] -- C:\Users\Nathan\Desktop\Kaspersky
[2011/07/19 17:23:18 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Repair
[2011/07/15 19:17:28 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\project64 1.6
[2011/07/13 18:52:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/07/09 12:03:15 | 000,000,000 | -H-D | C] -- C:\Users\Nathan\AppData\Local\Nem's Tools
[2011/07/09 12:03:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nem's Tools
[2011/07/09 12:03:07 | 000,000,000 | ---D | C] -- C:\Program Files\Nem's Tools
[2011/07/09 12:02:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RADVideo
[2011/07/09 12:02:24 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bink and Smacker
[2011/07/08 15:42:42 | 000,000,000 | -H-D | C] -- C:\Users\Nathan\AppData\Local\SKIDROW
[2011/07/08 15:40:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Valve
[2011/07/07 19:03:58 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\PunkBuster
[2011/06/29 12:02:51 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2009/06/23 11:49:14 | 000,010,752 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[2009/06/23 11:20:00 | 000,010,240 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe
[2009/05/14 23:15:24 | 005,719,400 | ---- | C] (Acresso Software Inc.) -- C:\Program Files\Common Files\adlmint_libFNP.dll
[2009/05/14 23:15:24 | 004,397,928 | ---- | C] (Autodesk) -- C:\Program Files\Common Files\adlmint.dll

========== Files - Modified Within 30 Days ==========

[2011/07/21 09:45:16 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/21 09:45:16 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/21 09:38:15 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/21 09:38:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/21 09:37:50 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/21 09:37:02 | 000,033,688 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000005-00000000-00000001-00001102-00000008-10211102}.rfx
[2011/07/21 09:37:02 | 000,033,688 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000005-00000000-00000001-00001102-00000008-10211102}.rfx
[2011/07/21 09:37:02 | 000,029,604 | ---- | M] () -- C:\Windows\SysNative\BMXCtrlState-{00000005-00000000-00000001-00001102-00000008-10211102}.rfx
[2011/07/21 09:37:02 | 000,029,604 | ---- | M] () -- C:\Windows\SysNative\BMXBkpCtrlState-{00000005-00000000-00000001-00001102-00000008-10211102}.rfx
[2011/07/21 09:37:02 | 000,011,564 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000005-00000000-00000001-00001102-00000008-10211102}.rfx
[2011/07/21 09:20:08 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/07/21 08:57:04 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/20 16:23:50 | 000,000,755 | ---- | M] () -- C:\Users\Public\Desktop\The Elder Scrolls Construction Set.lnk
[2011/07/20 16:12:26 | 000,000,653 | ---- | M] () -- C:\Users\Public\Desktop\Morrowind.lnk
[2011/07/19 17:23:18 | 000,000,679 | ---- | M] () -- C:\Users\Nathan\Application Data\Microsoft\Internet Explorer\Quick Launch\System Repair.lnk
[2011/07/19 17:23:18 | 000,000,655 | ---- | M] () -- C:\Users\Nathan\Desktop\System Repair.lnk
[2011/07/16 18:51:33 | 000,018,420 | ---- | M] () -- C:\Users\Nathan\Documents\tawrateaet.ltree
[2011/07/16 13:18:37 | 000,019,668 | ---- | M] () -- C:\Users\Nathan\Documents\serTest.ltree
[2011/07/16 13:17:18 | 000,015,588 | ---- | M] () -- C:\Users\Nathan\Documents\qweqweqwe.ltree
[2011/07/16 13:15:09 | 000,010,878 | ---- | M] () -- C:\Users\Nathan\Documents\SomeLocationTree.ltree
[2011/07/15 22:12:10 | 000,000,132 | ---- | M] () -- C:\Users\Nathan\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/07/13 18:52:19 | 000,002,243 | ---- | M] () -- C:\Users\Nathan\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/07/13 11:18:02 | 004,855,488 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/07/07 19:04:08 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/07/07 19:04:00 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/07/05 13:46:10 | 000,004,669 | ---- | M] () -- C:\Users\Nathan\Documents\qwe.locations
[2011/07/05 13:45:19 | 000,004,669 | ---- | M] () -- C:\Users\Nathan\Documents\.testlocations
[2011/07/05 13:43:25 | 000,004,669 | ---- | M] () -- C:\Users\Nathan\Documents\qwelocations
[2011/07/05 13:38:04 | 000,004,669 | ---- | M] () -- C:\Users\Nathan\Documents\asd
[2011/07/02 18:07:54 | 000,060,038 | ---- | M] () -- C:\Users\Nathan\Documents\IMG_1709 (Small).jpg
[2011/07/02 18:07:38 | 000,087,720 | ---- | M] () -- C:\Users\Nathan\Documents\IMG_1713 (Medium).jpg
[2011/06/29 21:24:12 | 000,806,746 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/06/29 21:24:12 | 000,669,376 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/06/29 21:24:12 | 000,124,982 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/06/27 15:37:29 | 000,093,126 | ---- | M] () -- C:\Users\Nathan\Documents\P1010030-1.jpg
[2011/06/23 11:37:57 | 000,117,238 | ---- | M] () -- C:\Users\Nathan\Documents\Canisters2.png
[2011/06/23 11:37:51 | 000,168,103 | ---- | M] () -- C:\Users\Nathan\Documents\Canisters2.exr
[2011/06/23 11:18:06 | 000,597,132 | ---- | M] () -- C:\Users\Nathan\Documents\CanisterCartridge.blend
[2011/06/23 11:00:39 | 000,529,236 | ---- | M] () -- C:\Users\Nathan\Documents\CanisterCartridge.blend1
[2011/06/22 22:14:09 | 000,070,888 | ---- | M] () -- C:\Users\Nathan\Documents\CanisterCartridges.png
[2011/06/22 19:47:11 | 000,094,089 | ---- | M] () -- C:\Users\Nathan\Documents\cc098.jpg
[2011/06/22 19:45:13 | 000,012,708 | ---- | M] () -- C:\Users\Nathan\Documents\Engine-Hoist.jpg
[2011/06/22 19:44:01 | 000,120,277 | ---- | M] () -- C:\Users\Nathan\Documents\hoist.jpg
[2011/06/22 17:55:26 | 000,002,052 | ---- | M] () -- C:\Users\Nathan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

========== Files Created - No Company Name ==========

[2011/07/20 16:23:50 | 000,000,755 | ---- | C] () -- C:\Users\Public\Desktop\The Elder Scrolls Construction Set.lnk
[2011/07/20 16:12:26 | 000,000,653 | ---- | C] () -- C:\Users\Public\Desktop\Morrowind.lnk
[2011/07/19 17:23:18 | 000,000,679 | ---- | C] () -- C:\Users\Nathan\Application Data\Microsoft\Internet Explorer\Quick Launch\System Repair.lnk
[2011/07/19 17:23:18 | 000,000,655 | ---- | C] () -- C:\Users\Nathan\Desktop\System Repair.lnk
[2011/07/16 18:51:32 | 000,018,420 | ---- | C] () -- C:\Users\Nathan\Documents\tawrateaet.ltree
[2011/07/16 13:18:37 | 000,019,668 | ---- | C] () -- C:\Users\Nathan\Documents\serTest.ltree
[2011/07/16 13:17:17 | 000,015,588 | ---- | C] () -- C:\Users\Nathan\Documents\qweqweqwe.ltree
[2011/07/16 13:15:08 | 000,010,878 | ---- | C] () -- C:\Users\Nathan\Documents\SomeLocationTree.ltree
[2011/07/13 18:52:19 | 000,002,243 | ---- | C] () -- C:\Users\Nathan\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/07/05 13:45:52 | 000,004,669 | ---- | C] () -- C:\Users\Nathan\Documents\qwe.locations
[2011/07/05 13:45:16 | 000,004,669 | ---- | C] () -- C:\Users\Nathan\Documents\.testlocations
[2011/07/05 13:43:11 | 000,004,669 | ---- | C] () -- C:\Users\Nathan\Documents\qwelocations
[2011/07/05 13:38:02 | 000,004,669 | ---- | C] () -- C:\Users\Nathan\Documents\asd
[2011/07/02 18:07:53 | 000,060,038 | ---- | C] () -- C:\Users\Nathan\Documents\IMG_1709 (Small).jpg
[2011/07/02 18:07:35 | 000,087,720 | ---- | C] () -- C:\Users\Nathan\Documents\IMG_1713 (Medium).jpg
[2011/06/27 15:37:27 | 000,093,126 | ---- | C] () -- C:\Users\Nathan\Documents\P1010030-1.jpg
[2011/06/23 11:37:57 | 000,117,238 | ---- | C] () -- C:\Users\Nathan\Documents\Canisters2.png
[2011/06/23 11:37:51 | 000,168,103 | ---- | C] () -- C:\Users\Nathan\Documents\Canisters2.exr
[2011/06/22 22:14:09 | 000,070,888 | ---- | C] () -- C:\Users\Nathan\Documents\CanisterCartridges.png
[2011/06/22 19:47:04 | 000,094,089 | ---- | C] () -- C:\Users\Nathan\Documents\cc098.jpg
[2011/06/22 19:45:12 | 000,012,708 | ---- | C] () -- C:\Users\Nathan\Documents\Engine-Hoist.jpg
[2011/06/22 19:43:57 | 000,120,277 | ---- | C] () -- C:\Users\Nathan\Documents\hoist.jpg
[2011/06/22 18:36:16 | 000,597,132 | ---- | C] () -- C:\Users\Nathan\Documents\CanisterCartridge.blend
[2011/06/22 18:36:16 | 000,529,236 | ---- | C] () -- C:\Users\Nathan\Documents\CanisterCartridge.blend1
[2011/05/22 10:28:51 | 000,009,566 | -HS- | C] () -- C:\Users\Nathan\AppData\Local\w7wk868rbh6
[2011/05/22 10:28:51 | 000,009,566 | -HS- | C] () -- C:\ProgramData\w7wk868rbh6
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/04/02 10:34:44 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\jsound.dll
[2011/04/02 10:34:44 | 000,380,928 | ---- | C] () -- C:\Windows\SysWow64\jmmpa.dll
[2011/04/02 10:34:44 | 000,282,624 | ---- | C] () -- C:\Windows\SysWow64\jmh261.dll
[2011/04/02 10:34:44 | 000,184,320 | ---- | C] () -- C:\Windows\SysWow64\jmvh263.dll
[2011/04/02 10:34:44 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\jmjpeg.dll
[2011/04/02 10:34:44 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\jmh263enc.dll
[2011/04/02 10:34:44 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\jmg723.dll
[2011/04/02 10:34:44 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\jmmpegv.dll
[2011/04/02 10:34:44 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\jmutil.dll
[2011/04/02 10:34:44 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\jmgsm.dll
[2011/04/02 10:34:44 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\jmam.dll
[2011/04/02 10:34:44 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\jmcvid.dll
[2011/04/02 10:34:44 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\jmacm.dll
[2011/04/02 10:34:44 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\jmvfw.dll
[2011/04/02 10:34:44 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\jmdaud.dll
[2011/04/02 10:34:44 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\jmvcm.dll
[2011/04/02 10:34:44 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\jmgdi.dll
[2011/04/02 10:34:44 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\jmfjawt.dll
[2011/04/02 10:34:44 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\jmddraw.dll
[2011/04/02 10:34:44 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\jmmci.dll
[2011/04/02 10:34:44 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\jmdaudc.dll
[2010/12/16 17:42:43 | 000,000,132 | ---- | C] () -- C:\Users\Nathan\AppData\Roaming\Adobe Targa Format CS5 Prefs
[2010/12/11 11:37:15 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\nvRegDev.dll
[2010/12/07 22:55:44 | 000,000,132 | ---- | C] () -- C:\Users\Nathan\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/11/10 19:37:07 | 000,000,036 | ---- | C] () -- C:\Users\Nathan\AppData\Local\housecall.guid.cache
[2010/08/24 07:44:57 | 000,000,083 | ---- | C] () -- C:\Windows\wwp.INI
[2010/04/27 15:30:23 | 000,000,075 | ---- | C] () -- C:\Windows\sierra.ini
[2010/04/27 13:42:05 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2010/04/27 13:42:05 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2010/04/27 13:42:05 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2010/02/09 16:17:52 | 000,087,040 | ---- | C] () -- C:\Windows\UnGins.exe
[2010/02/09 16:17:50 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\Unlha32.dll
[2010/02/09 16:17:49 | 000,473,600 | ---- | C] () -- C:\Windows\SysWow64\Harmony.dll
[2010/02/08 07:33:04 | 000,359,320 | ---- | C] () -- C:\Windows\SysWow64\vfprintpthelper.dll
[2009/11/19 13:25:40 | 000,230,752 | ---- | C] () -- C:\Windows\patchw32.dll
[2009/11/19 13:25:38 | 000,118,176 | ---- | C] () -- C:\Windows\patchw.dll
[2009/10/27 10:26:12 | 000,007,666 | ---- | C] () -- C:\Users\Nathan\AppData\Local\Resmon.ResmonCfg
[2009/10/24 23:52:46 | 000,014,848 | ---- | C] () -- C:\Users\Nathan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/24 17:45:11 | 000,786,552 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/10/24 17:43:25 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2009/10/24 17:43:22 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2009/10/24 17:43:22 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2009/10/24 12:38:36 | 000,000,094 | ---- | C] () -- C:\Users\Nathan\AppData\Local\fusioncache.dat
[2009/10/24 11:47:07 | 768,309,223 | ---- | C] () -- C:\Program Files (x86)\Flyff_Client.exe
[2009/10/24 01:17:10 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2009/10/23 20:10:57 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009/10/23 20:10:57 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009/10/23 19:16:10 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2009/10/06 00:13:56 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/23 12:29:50 | 000,049,719 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2009/06/23 12:29:48 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2009/06/23 11:51:00 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CTBurst.dll
[2009/06/23 11:48:16 | 000,037,888 | ---- | C] () -- C:\Windows\SysWow64\psconv.exe
[2009/06/23 11:28:48 | 000,386,852 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat
[2009/06/23 11:28:48 | 000,051,787 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat
[2009/06/23 11:20:08 | 000,313,207 | ---- | C] () -- C:\Windows\SysWow64\ctstatic.dat
[2009/06/23 11:20:08 | 000,053,932 | ---- | C] () -- C:\Windows\SysWow64\ctdaught.dat
[2009/06/23 11:20:06 | 000,005,120 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/05/29 16:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/05/29 16:47:06 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2007/09/04 12:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2007/08/13 20:45:02 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\ctmmactl.dll
[2007/06/21 15:34:08 | 000,203,328 | R--- | C] () -- C:\Windows\GSetup.exe
[2007/04/12 08:10:28 | 000,105,728 | ---- | C] () -- C:\Windows\SysWow64\APOMgrH.dll
[2007/02/05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006/10/02 17:25:18 | 000,000,307 | ---- | C] () -- C:\Windows\SysWow64\kill.ini
[2005/08/30 00:00:00 | 000,781,312 | ---- | C] () -- C:\Windows\SysWow64\RGSS102J.dll
[2005/08/30 00:00:00 | 000,778,752 | ---- | C] () -- C:\Windows\SysWow64\RGSS102E.dll
[2004/08/03 15:00:00 | 000,773,120 | ---- | C] () -- C:\Windows\SysWow64\RGSS100J.dll
[2002/06/06 02:01:58 | 000,029,696 | ---- | C] () -- C:\Windows\SysWow64\asutl8.dll

========== LOP Check ==========

[2009/12/27 17:14:08 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\.minecraft
[2010/05/21 20:32:54 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Activision
[2010/02/24 15:14:36 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Anvil Studio
[2011/05/07 15:05:55 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Auslogics
[2009/12/30 01:43:38 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Autodesk
[2010/11/28 11:41:35 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Bioshock2
[2009/10/23 19:54:58 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Blender Foundation
[2011/02/19 14:09:58 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/01/04 22:39:48 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\com.adobe.ExMan
[2011/03/21 21:46:00 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\DisplayFusion
[2010/10/03 13:29:21 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Doc.EE57A57224685151543546B0367A0BD876BF88FF.1
[2011/07/14 22:37:06 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\foobar2000
[2009/10/27 08:18:28 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Foxit
[2010/06/26 19:28:31 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\gtk-2.0
[2009/11/21 17:03:15 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Indigo Renderer
[2009/11/15 01:00:11 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\IrfanView
[2010/09/09 20:00:57 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Notepad++
[2010/04/15 20:03:33 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\OpenOffice.org
[2010/07/29 10:58:40 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Planetside Software
[2009/12/21 10:50:30 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Poser 7
[2011/07/07 19:03:58 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\PunkBuster
[2011/01/03 17:01:23 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\ScripterRon
[2010/09/11 09:03:08 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\ScummVM
[2010/12/07 21:22:14 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/03/07 14:40:39 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Stellarium
[2010/12/04 15:32:58 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Ubisoft
[2010/07/29 11:13:13 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\uk.co.planetside
[2011/05/07 14:46:14 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\uTorrent
[2009/10/24 08:33:33 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\VectorVest, Inc
[2009/10/24 13:04:24 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Win7codecs
[2011/03/25 19:17:57 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:07BF512B
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:05EE1EEF

< End of report >
  • 0

#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, not a great deal showing there. Is it a constant redirect or just occasional?

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKCU..\Run: [kFssrqWUYlqst] File not found

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe (1.8 MB) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start the scan

On completion of the scan, click "Save log", save it to your desktop and post it in your next reply
  • 0
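A small triage helper, added here as an example and not part of the OTL tool or of Essexboy's post: it parses lines in the OTL log format shown in this thread, picks out the orphaned Run values ("File not found") that the helper stripped by hand, flags hidden+system files with no publisher under user-writable folders, and emits the matching :OTL fix stanza. All function names, the USER_WRITABLE heuristic and the regexes are this example's own assumptions; the sample lines are copied from the logs in this thread, and the hidden-file check only marks entries for review, it is not a verdict.

```python
"""Triage helper for OTL log lines (added example, not part of the OTL tool
or of this thread): find Run-key values whose file is gone, flag hidden+system
files with no publisher in user-writable folders, and emit the :OTL fix stanza."""
import re
from dataclasses import dataclass
from typing import List, Optional

# One O4 line per autostart value: "O4[:64bit:] - <hive>..\Run: [<name>] <target>"
RUN_RE = re.compile(r"^(O4(?::64bit:)?) - (HK\w+)\.\.\\Run: \[([^\]]+)\] (.*)$")
# One file line: "[<stamp> | <size> | <RHSD flags> | C|M] (<company>) -- <path>"
FILE_RE = re.compile(
    r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| ([\d,]+) \| ([-A-Z]{4}) \| ([CM])\]"
    r" \(([^)]*)\) -- (.*)$"
)
# Folders any user-level process can write to (assumed heuristic). A hidden+system
# file with no company name here is worth a second look; it is not proof of anything.
USER_WRITABLE = ("\\programdata\\", "\\appdata\\")

# Sample lines copied from the logs in this thread (a few benign ones included).
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [AsioThk32Reg] C:\Windows\SysWow64\ctasio.dll (Creative Technology Ltd)
O4 - HKCU..\Run: [kFssrqWUYlqst] File not found
O4:64bit: - HKLM..\Run: [AsioReg] File not found
O4 - HKCU..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
[2011/05/22 10:28:51 | 000,009,566 | -HS- | C] () -- C:\Users\Nathan\AppData\Local\w7wk868rbh6
[2011/05/22 10:28:51 | 000,009,566 | -HS- | C] () -- C:\ProgramData\w7wk868rbh6
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2011/06/22 18:36:16 | 000,597,132 | ---- | C] () -- C:\Users\Nathan\Documents\CanisterCartridge.blend
"""


@dataclass
class RunEntry:
    tag: str      # "O4" or "O4:64bit:"
    hive: str     # "HKLM" or "HKCU"
    name: str     # value name under the Run key
    target: str   # "<path> (<company>)" or "File not found"
    raw: str      # the original log line, reused verbatim in the fix script


@dataclass
class FileEntry:
    stamp: str
    size: int
    attrs: str    # four flag slots R H S D, '-' when clear (e.g. "-HS-")
    company: str  # empty when OTL found no version-info company name
    path: str


def parse_run_entry(line: str) -> Optional[RunEntry]:
    m = RUN_RE.match(line.strip())
    if not m:
        return None
    tag, hive, name, target = m.groups()
    return RunEntry(tag, hive, name, target.strip(), line.strip())


def parse_file_entry(line: str) -> Optional[FileEntry]:
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    stamp, size, attrs, _kind, company, path = m.groups()
    return FileEntry(stamp, int(size.replace(",", "")), attrs, company.strip(), path)


def orphaned_run_entries(text: str) -> List[RunEntry]:
    """Autostart values pointing at a file that no longer exists: leftovers of
    a removed program (or of a cleaned-up infection), the kind of entry a
    helper strips first because nothing legitimate depends on them."""
    found = []
    for line in text.splitlines():
        entry = parse_run_entry(line)
        if entry and entry.target == "File not found":
            found.append(entry)
    return found


def hidden_system_files(text: str) -> List[FileEntry]:
    """Hidden+system files with no publisher under ProgramData/AppData."""
    found = []
    for line in text.splitlines():
        f = parse_file_entry(line)
        if f is None or f.company:
            continue
        if "H" in f.attrs and "S" in f.attrs and any(d in f.path.lower() for d in USER_WRITABLE):
            found.append(f)
    return found


def otl_fix_script(entries: List[RunEntry]) -> str:
    """The :OTL stanza OTL expects in its Custom Scans/Fixes box: the header
    followed by the offending log lines copied verbatim."""
    return "\n".join([":OTL"] + [e.raw for e in entries])


if __name__ == "__main__":
    orphans = orphaned_run_entries(SAMPLE_LOG)
    print("Orphaned Run values:", [e.name for e in orphans])
    print("Hidden+system files to review:", [f.path for f in hidden_system_files(SAMPLE_LOG)])
    print(otl_fix_script(orphans))
```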

#3
hafunui

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
It's kind of occasional, sometimes I don't notice anything (aside from Google being slow), and other times it seems to redirect every Google link.

Here's the OTL log:

OTL logfile created on: 7/23/2011 12:47:48 PM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Nathan\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.51 Gb Available Physical Memory | 62.77% Memory free
8.00 Gb Paging File | 6.32 Gb Available in Paging File | 79.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 30.88 Gb Free Space | 13.26% Space Free | Partition Type: NTFS
Drive L: | 465.65 Gb Total Space | 52.62 Gb Free Space | 11.30% Space Free | Partition Type: FAT32
Drive Z: | 279.47 Gb Total Space | 67.70 Gb Free Space | 24.22% Space Free | Partition Type: NTFS

Computer Name: NATHANS-PC | User Name: Nathan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Nathan\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\DisplayFusion\DisplayFusionHookx86.exe (Binary Fortress Software)
PRC - C:\Windows\SysWOW64\CtHelper.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe ()


========== Modules (SafeList) ==========

MOD - C:\Users\Nathan\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files (x86)\DisplayFusion\DisplayFusionHookx86.dll (Binary Fortress Software)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (TabletServiceWacom) -- C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe (Wacom Technology, Corp.)
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (npggsvc) -- C:\Windows\SysWow64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (UnsignedThemes) -- C:\Windows\UnsignedThemesSvc.exe (The Within Network, LLC)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (GEST Service) -- C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe ()


========== Driver Services (SafeList) ==========

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (wacmoumonitor) -- C:\Windows\SysNative\drivers\wacmoumonitor.sys (Wacom Technology)
DRV:64bit: - (wacomvhid) -- C:\Windows\SysNative\drivers\wacomvhid.sys (Wacom Technology)
DRV:64bit: - (pbfilter) -- C:\Program Files\PeerBlock\pbfilter.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (uxpatch) -- C:\Windows\SysNative\drivers\uxpatch.sys ()
DRV:64bit: - (hap17v2k) -- C:\Windows\SysNative\drivers\haP17v2k.sys (Creative Technology Ltd)
DRV:64bit: - (hap16v2k) -- C:\Windows\SysNative\drivers\haP16v2k.sys (Creative Technology Ltd)
DRV:64bit: - (ha10kx2k) -- C:\Windows\SysNative\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV:64bit: - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd)
DRV:64bit: - (CTERFXFX.SYS) -- C:\Windows\SysNative\drivers\CTERFXFX.sys (Creative Technology Ltd)
DRV:64bit: - (CTERFXFX) -- C:\Windows\SysNative\drivers\CTERFXFX.sys (Creative Technology Ltd)
DRV:64bit: - (CTSBLFX.SYS) -- C:\Windows\SysNative\drivers\CTSBLFX.sys (Creative Technology Ltd)
DRV:64bit: - (CTSBLFX) -- C:\Windows\SysNative\drivers\CTSBLFX.sys (Creative Technology Ltd)
DRV:64bit: - (CTAUDFX.SYS) -- C:\Windows\SysNative\drivers\CTAUDFX.sys (Creative Technology Ltd)
DRV:64bit: - (CTAUDFX) -- C:\Windows\SysNative\drivers\CTAUDFX.sys (Creative Technology Ltd)
DRV:64bit: - (COMMONFX.SYS) -- C:\Windows\SysNative\drivers\COMMONFX.sys (Creative Technology Ltd)
DRV:64bit: - (COMMONFX) -- C:\Windows\SysNative\drivers\COMMONFX.sys (Creative Technology Ltd)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (cpuz132) -- C:\Windows\SysNative\drivers\cpuz132_x64.sys (Windows ® Codename Longhorn DDK provider)
DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\drivers\mcdbus.sys (MagicISO, Inc.)
DRV:64bit: - (CTHWIUT.DLL) -- C:\Windows\SysNative\CTHWIUT.DLL (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT.DLL) -- C:\Windows\SysNative\CT20XUT.DLL (Creative Technology Ltd.)
DRV:64bit: - (CTEXFIFX.DLL) -- C:\Windows\SysNative\CTEXFIFX.DLL (Creative Technology Ltd.)
DRV:64bit: - (CTEDSPSY.DLL) -- C:\Windows\SysNative\CTEDSPSY.DLL (Creative Technology Ltd)
DRV:64bit: - (CTEDSPIO.DLL) -- C:\Windows\SysNative\CTEDSPIO.DLL (Creative Technology Ltd)
DRV:64bit: - (CTEDSPFX.DLL) -- C:\Windows\SysNative\CTEDSPFX.DLL (Creative Technology Ltd)
DRV:64bit: - (CTEAPSFX.DLL) -- C:\Windows\SysNative\CTEAPSFX.DLL (Creative Technology Ltd)
DRV:64bit: - (wacommousefilter) -- C:\Windows\SysNative\drivers\wacommousefilter.sys (Wacom Technology)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\drivers\Rtlh64.sys (Realtek Corporation)
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows ® Server 2003 DDK provider)
DRV - (RivaTuner64) -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys ()
DRV - (etdrv) -- C:\Windows\etdrv.sys (Windows ® Server 2003 DDK provider)
DRV - (GVTDrv64) -- C:\Windows\GVTDrv64.sys ()
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows ® Server 2003 DDK provider)
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/iat/us_ca.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8F 02 28 32 51 54 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\SysWOW64\dvmurl.dll (DeviceVM Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.7.4
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.76
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.6
FF - prefs.js..extensions.enabledItems: {ca8b7b3d-b6e6-438f-b935-601b3de48d66}:1.1.5
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.3
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.17
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/06/22 17:44:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/03/25 21:51:56 | 000,000,000 | ---D | M]

[2010/11/19 16:36:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nathan\AppData\Roaming\Mozilla\Extensions
[2011/07/20 16:43:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\f4ovxkq4.default\extensions
[2011/02/03 09:46:59 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\f4ovxkq4.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2011/06/22 17:44:34 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\f4ovxkq4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/11/22 22:14:51 | 000,000,000 | ---D | M] (Firefox Throttle) -- C:\Users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\f4ovxkq4.default\extensions\{ca8b7b3d-b6e6-438f-b935-601b3de48d66}
[2011/03/25 21:51:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/11/10 19:35:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/20 21:25:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\USERS\NATHAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F4OVXKQ4.DEFAULT\EXTENSIONS\{1280606B-2510-4FE0-97EF-9B5A22EAFE30}.XPI
() (No name found) -- C:\USERS\NATHAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F4OVXKQ4.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI
() (No name found) -- C:\USERS\NATHAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F4OVXKQ4.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI
() (No name found) -- C:\USERS\NATHAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F4OVXKQ4.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
() (No name found) -- C:\USERS\NATHAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F4OVXKQ4.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\NATHAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F4OVXKQ4.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2011/06/22 17:44:26 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009/10/27 08:18:18 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/07/23 12:20:19 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AsioReg] File not found
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AsioThk32Reg] C:\Windows\SysWow64\ctasio.dll (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\Windows\SysWow64\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [DisplayFusion] C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe (Binary Fortress Software)
O4 - HKCU..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.100.1 192.168.1.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/31 17:24:24 | 000,000,000 | ---D | M] - L:\autorun -- [ FAT32 ]
O32 - AutoRun File - [2008/07/05 14:42:20 | 000,000,037 | -H-- | M] () - L:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{ef8bf434-c051-11de-94a9-00241dd8b335}\Shell - "" = AutoRun
O33 - MountPoints2\{ef8bf434-c051-11de-94a9-00241dd8b335}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -a
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\setup.exe
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\AutoRunCD.exe
O33 - MountPoints2\M\Shell - "" = AutoRun
O33 - MountPoints2\M\Shell\AutoRun\command - "" = M:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/23 12:20:15 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/21 19:15:02 | 000,000,000 | ---D | C] -- C:\Users\Nathan\Desktop\MirrorsEdgeAudio
[2011/07/21 09:44:32 | 000,000,000 | ---D | C] -- C:\Users\Nathan\Desktop\GooredFix Backups
[2011/07/21 09:20:05 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/07/21 09:10:11 | 000,000,000 | ---D | C] -- C:\Users\Nathan\Desktop\Kaspersky
[2011/07/19 17:23:18 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Repair
[2011/07/15 19:17:28 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\project64 1.6
[2011/07/09 12:03:15 | 000,000,000 | -H-D | C] -- C:\Users\Nathan\AppData\Local\Nem's Tools
[2011/07/09 12:03:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nem's Tools
[2011/07/09 12:03:07 | 000,000,000 | ---D | C] -- C:\Program Files\Nem's Tools
[2011/07/09 12:02:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RADVideo
[2011/07/09 12:02:24 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bink and Smacker
[2011/07/08 15:42:42 | 000,000,000 | -H-D | C] -- C:\Users\Nathan\AppData\Local\SKIDROW
[2011/07/08 15:40:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Valve
[2011/07/07 19:03:58 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\PunkBuster
[2011/06/29 12:02:51 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2009/06/23 11:49:14 | 000,010,752 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[2009/06/23 11:20:00 | 000,010,240 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe
[2009/05/14 23:15:24 | 005,719,400 | ---- | C] (Acresso Software Inc.) -- C:\Program Files\Common Files\adlmint_libFNP.dll
[2009/05/14 23:15:24 | 004,397,928 | ---- | C] (Autodesk) -- C:\Program Files\Common Files\adlmint.dll

========== Files - Modified Within 30 Days ==========

[2011/07/23 12:46:17 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/23 12:43:08 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/23 12:43:08 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/23 12:35:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/23 12:35:36 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/23 12:34:42 | 000,033,688 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000005-00000000-00000001-00001102-00000008-10211102}.rfx
[2011/07/23 12:34:42 | 000,033,688 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000005-00000000-00000001-00001102-00000008-10211102}.rfx
[2011/07/23 12:34:42 | 000,029,604 | ---- | M] () -- C:\Windows\SysNative\BMXCtrlState-{00000005-00000000-00000001-00001102-00000008-10211102}.rfx
[2011/07/23 12:34:42 | 000,029,604 | ---- | M] () -- C:\Windows\SysNative\BMXBkpCtrlState-{00000005-00000000-00000001-00001102-00000008-10211102}.rfx
[2011/07/23 12:34:42 | 000,011,564 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000005-00000000-00000001-00001102-00000008-10211102}.rfx
[2011/07/23 12:20:19 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/07/23 11:57:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/21 10:25:13 | 000,792,868 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/07/21 10:25:13 | 000,669,376 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/07/21 10:25:13 | 000,124,982 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/07/20 16:23:50 | 000,000,755 | ---- | M] () -- C:\Users\Public\Desktop\The Elder Scrolls Construction Set.lnk
[2011/07/20 16:12:26 | 000,000,653 | ---- | M] () -- C:\Users\Public\Desktop\Morrowind.lnk
[2011/07/19 17:23:18 | 000,000,679 | ---- | M] () -- C:\Users\Nathan\Application Data\Microsoft\Internet Explorer\Quick Launch\System Repair.lnk
[2011/07/19 17:23:18 | 000,000,655 | ---- | M] () -- C:\Users\Nathan\Desktop\System Repair.lnk
[2011/07/16 18:51:33 | 000,018,420 | ---- | M] () -- C:\Users\Nathan\Documents\tawrateaet.ltree
[2011/07/16 13:18:37 | 000,019,668 | ---- | M] () -- C:\Users\Nathan\Documents\serTest.ltree
[2011/07/16 13:17:18 | 000,015,588 | ---- | M] () -- C:\Users\Nathan\Documents\qweqweqwe.ltree
[2011/07/16 13:15:09 | 000,010,878 | ---- | M] () -- C:\Users\Nathan\Documents\SomeLocationTree.ltree
[2011/07/15 22:12:10 | 000,000,132 | ---- | M] () -- C:\Users\Nathan\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/07/13 11:18:02 | 004,855,488 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/07/07 19:04:08 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/07/07 19:04:00 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/07/05 13:46:10 | 000,004,669 | ---- | M] () -- C:\Users\Nathan\Documents\qwe.locations
[2011/07/05 13:45:19 | 000,004,669 | ---- | M] () -- C:\Users\Nathan\Documents\.testlocations
[2011/07/05 13:43:25 | 000,004,669 | ---- | M] () -- C:\Users\Nathan\Documents\qwelocations
[2011/07/05 13:38:04 | 000,004,669 | ---- | M] () -- C:\Users\Nathan\Documents\asd
[2011/07/02 18:07:54 | 000,060,038 | ---- | M] () -- C:\Users\Nathan\Documents\IMG_1709 (Small).jpg
[2011/07/02 18:07:38 | 000,087,720 | ---- | M] () -- C:\Users\Nathan\Documents\IMG_1713 (Medium).jpg
[2011/06/27 15:37:29 | 000,093,126 | ---- | M] () -- C:\Users\Nathan\Documents\P1010030-1.jpg

========== Files Created - No Company Name ==========

[2011/07/20 16:23:50 | 000,000,755 | ---- | C] () -- C:\Users\Public\Desktop\The Elder Scrolls Construction Set.lnk
[2011/07/20 16:12:26 | 000,000,653 | ---- | C] () -- C:\Users\Public\Desktop\Morrowind.lnk
[2011/07/19 17:23:18 | 000,000,679 | ---- | C] () -- C:\Users\Nathan\Application Data\Microsoft\Internet Explorer\Quick Launch\System Repair.lnk
[2011/07/19 17:23:18 | 000,000,655 | ---- | C] () -- C:\Users\Nathan\Desktop\System Repair.lnk
[2011/07/16 18:51:32 | 000,018,420 | ---- | C] () -- C:\Users\Nathan\Documents\tawrateaet.ltree
[2011/07/16 13:18:37 | 000,019,668 | ---- | C] () -- C:\Users\Nathan\Documents\serTest.ltree
[2011/07/16 13:17:17 | 000,015,588 | ---- | C] () -- C:\Users\Nathan\Documents\qweqweqwe.ltree
[2011/07/16 13:15:08 | 000,010,878 | ---- | C] () -- C:\Users\Nathan\Documents\SomeLocationTree.ltree
[2011/07/05 13:45:52 | 000,004,669 | ---- | C] () -- C:\Users\Nathan\Documents\qwe.locations
[2011/07/05 13:45:16 | 000,004,669 | ---- | C] () -- C:\Users\Nathan\Documents\.testlocations
[2011/07/05 13:43:11 | 000,004,669 | ---- | C] () -- C:\Users\Nathan\Documents\qwelocations
[2011/07/05 13:38:02 | 000,004,669 | ---- | C] () -- C:\Users\Nathan\Documents\asd
[2011/07/02 18:07:53 | 000,060,038 | ---- | C] () -- C:\Users\Nathan\Documents\IMG_1709 (Small).jpg
[2011/07/02 18:07:35 | 000,087,720 | ---- | C] () -- C:\Users\Nathan\Documents\IMG_1713 (Medium).jpg
[2011/06/27 15:37:27 | 000,093,126 | ---- | C] () -- C:\Users\Nathan\Documents\P1010030-1.jpg
[2011/05/22 10:28:51 | 000,009,566 | -HS- | C] () -- C:\Users\Nathan\AppData\Local\w7wk868rbh6
[2011/05/22 10:28:51 | 000,009,566 | -HS- | C] () -- C:\ProgramData\w7wk868rbh6
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/04/02 10:34:44 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\jsound.dll
[2011/04/02 10:34:44 | 000,380,928 | ---- | C] () -- C:\Windows\SysWow64\jmmpa.dll
[2011/04/02 10:34:44 | 000,282,624 | ---- | C] () -- C:\Windows\SysWow64\jmh261.dll
[2011/04/02 10:34:44 | 000,184,320 | ---- | C] () -- C:\Windows\SysWow64\jmvh263.dll
[2011/04/02 10:34:44 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\jmjpeg.dll
[2011/04/02 10:34:44 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\jmh263enc.dll
[2011/04/02 10:34:44 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\jmg723.dll
[2011/04/02 10:34:44 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\jmmpegv.dll
[2011/04/02 10:34:44 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\jmutil.dll
[2011/04/02 10:34:44 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\jmgsm.dll
[2011/04/02 10:34:44 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\jmam.dll
[2011/04/02 10:34:44 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\jmcvid.dll
[2011/04/02 10:34:44 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\jmacm.dll
[2011/04/02 10:34:44 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\jmvfw.dll
[2011/04/02 10:34:44 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\jmdaud.dll
[2011/04/02 10:34:44 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\jmvcm.dll
[2011/04/02 10:34:44 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\jmgdi.dll
[2011/04/02 10:34:44 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\jmfjawt.dll
[2011/04/02 10:34:44 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\jmddraw.dll
[2011/04/02 10:34:44 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\jmmci.dll
[2011/04/02 10:34:44 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\jmdaudc.dll
[2010/12/16 17:42:43 | 000,000,132 | ---- | C] () -- C:\Users\Nathan\AppData\Roaming\Adobe Targa Format CS5 Prefs
[2010/12/11 11:37:15 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\nvRegDev.dll
[2010/12/07 22:55:44 | 000,000,132 | ---- | C] () -- C:\Users\Nathan\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/11/10 19:37:07 | 000,000,036 | ---- | C] () -- C:\Users\Nathan\AppData\Local\housecall.guid.cache
[2010/08/24 07:44:57 | 000,000,083 | ---- | C] () -- C:\Windows\wwp.INI
[2010/04/27 15:30:23 | 000,000,075 | ---- | C] () -- C:\Windows\sierra.ini
[2010/04/27 13:42:05 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2010/04/27 13:42:05 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2010/04/27 13:42:05 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2010/02/09 16:17:52 | 000,087,040 | ---- | C] () -- C:\Windows\UnGins.exe
[2010/02/09 16:17:50 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\Unlha32.dll
[2010/02/09 16:17:49 | 000,473,600 | ---- | C] () -- C:\Windows\SysWow64\Harmony.dll
[2010/02/08 07:33:04 | 000,359,320 | ---- | C] () -- C:\Windows\SysWow64\vfprintpthelper.dll
[2009/11/19 13:25:40 | 000,230,752 | ---- | C] () -- C:\Windows\patchw32.dll
[2009/11/19 13:25:38 | 000,118,176 | ---- | C] () -- C:\Windows\patchw.dll
[2009/10/27 10:26:12 | 000,007,666 | ---- | C] () -- C:\Users\Nathan\AppData\Local\Resmon.ResmonCfg
[2009/10/24 23:52:46 | 000,014,848 | ---- | C] () -- C:\Users\Nathan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/24 17:45:11 | 000,786,552 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/10/24 17:43:25 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2009/10/24 17:43:22 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2009/10/24 17:43:22 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2009/10/24 12:38:36 | 000,000,094 | ---- | C] () -- C:\Users\Nathan\AppData\Local\fusioncache.dat
[2009/10/24 11:47:07 | 768,309,223 | ---- | C] () -- C:\Program Files (x86)\Flyff_Client.exe
[2009/10/24 01:17:10 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2009/10/23 20:10:57 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009/10/23 20:10:57 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009/10/23 19:16:10 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2009/10/06 00:13:56 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/23 12:29:50 | 000,049,719 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2009/06/23 12:29:48 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2009/06/23 11:51:00 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CTBurst.dll
[2009/06/23 11:48:16 | 000,037,888 | ---- | C] () -- C:\Windows\SysWow64\psconv.exe
[2009/06/23 11:28:48 | 000,386,852 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat
[2009/06/23 11:28:48 | 000,051,787 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat
[2009/06/23 11:20:08 | 000,313,207 | ---- | C] () -- C:\Windows\SysWow64\ctstatic.dat
[2009/06/23 11:20:08 | 000,053,932 | ---- | C] () -- C:\Windows\SysWow64\ctdaught.dat
[2009/06/23 11:20:06 | 000,005,120 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/05/29 16:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/05/29 16:47:06 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2007/09/04 12:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2007/08/13 20:45:02 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\ctmmactl.dll
[2007/06/21 15:34:08 | 000,203,328 | R--- | C] () -- C:\Windows\GSetup.exe
[2007/04/12 08:10:28 | 000,105,728 | ---- | C] () -- C:\Windows\SysWow64\APOMgrH.dll
[2007/02/05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006/10/02 17:25:18 | 000,000,307 | ---- | C] () -- C:\Windows\SysWow64\kill.ini
[2005/08/30 00:00:00 | 000,781,312 | ---- | C] () -- C:\Windows\SysWow64\RGSS102J.dll
[2005/08/30 00:00:00 | 000,778,752 | ---- | C] () -- C:\Windows\SysWow64\RGSS102E.dll
[2004/08/03 15:00:00 | 000,773,120 | ---- | C] () -- C:\Windows\SysWow64\RGSS100J.dll
[2002/06/06 02:01:58 | 000,029,696 | ---- | C] () -- C:\Windows\SysWow64\asutl8.dll

========== LOP Check ==========

[2009/12/27 17:14:08 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\.minecraft
[2010/05/21 20:32:54 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Activision
[2010/02/24 15:14:36 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Anvil Studio
[2011/05/07 15:05:55 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Auslogics
[2009/12/30 01:43:38 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Autodesk
[2010/11/28 11:41:35 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Bioshock2
[2009/10/23 19:54:58 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Blender Foundation
[2011/02/19 14:09:58 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/01/04 22:39:48 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\com.adobe.ExMan
[2011/03/21 21:46:00 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\DisplayFusion
[2010/10/03 13:29:21 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Doc.EE57A57224685151543546B0367A0BD876BF88FF.1
[2011/07/14 22:37:06 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\foobar2000
[2009/10/27 08:18:28 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Foxit
[2010/06/26 19:28:31 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\gtk-2.0
[2009/11/21 17:03:15 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Indigo Renderer
[2009/11/15 01:00:11 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\IrfanView
[2010/09/09 20:00:57 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Notepad++
[2010/04/15 20:03:33 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\OpenOffice.org
[2010/07/29 10:58:40 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Planetside Software
[2009/12/21 10:50:30 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Poser 7
[2011/07/07 19:03:58 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\PunkBuster
[2011/01/03 17:01:23 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\ScripterRon
[2010/09/11 09:03:08 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\ScummVM
[2010/12/07 21:22:14 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/03/07 14:40:39 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Stellarium
[2010/12/04 15:32:58 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Ubisoft
[2010/07/29 11:13:13 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\uk.co.planetside
[2011/05/07 14:46:14 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\uTorrent
[2009/10/24 08:33:33 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\VectorVest, Inc
[2009/10/24 13:04:24 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Win7codecs
[2011/03/25 19:17:57 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:07BF512B
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:05EE1EEF

< End of report >


And here's the aswMBR log:

aswMBR version 0.9.8.977 Copyright© 2011 AVAST Software
Run date: 2011-07-23 12:53:30
-----------------------------
12:53:30.651 OS Version: Windows x64 6.1.7600
12:53:30.651 Number of processors: 2 586 0x170A
12:53:30.651 ComputerName: NATHANS-PC UserName: Nathan
12:53:32.195 Initialize success
12:55:58.919 AVAST engine defs: 11072302
12:56:27.904 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
12:56:27.904 Disk 0 Vendor: ST3250410AS 3.AAA Size: 238475MB BusType: 3
12:56:27.919 Disk 0 MBR read successfully
12:56:27.919 Disk 0 MBR scan
12:56:27.919 Disk 0 MBR:Alureon-I [Rtk]
12:56:27.935 Disk 0 TDL4@MBR code has been found
12:56:27.935 Disk 0 Windows 7 default MBR code found via API
12:56:27.935 Disk 0 MBR hidden
12:56:27.935 Disk 0 MBR [TDL4] **ROOTKIT**
12:56:27.951 Disk 0 trace - called modules:
12:56:27.951 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa800463a254]<<
12:56:27.966 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004620700]
12:56:27.966 3 CLASSPNP.SYS[fffff8800191543f] -> nt!IofCallDriver -> [0xfffffa80044f4520]
12:56:27.966 5 ACPI.sys[fffff88000f64781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa80044d6060]
12:56:27.982 \Driver\atapi[0xfffffa8004206060] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa800463a254
12:56:29.526 AVAST engine scan C:\Windows
12:56:35.641 AVAST engine scan C:\Windows\system32
12:58:05.373 AVAST engine scan C:\Windows\system32\drivers
12:58:13.344 AVAST engine scan C:\Users\Nathan
13:05:44.138 File: C:\Users\Nathan\Desktop\DADS_BACKUP\SharedDocs\stuff to save\sTUFF TO SAVE2\from95\download\EBOOKS\MakeWomenRespond.exe **INFECTED** Win32:Adware-gen [Adw]
13:40:10.077 AVAST engine scan C:\ProgramData
13:44:34.373 Scan finished successfully
13:45:19.410 Disk 0 MBR has been saved successfully to "C:\Users\Nathan\Downloads\MBR.dat"
13:45:19.410 The log file has been saved successfully to "C:\Users\Nathan\Downloads\aswMBR.txt"
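
The aswMBR log above is the decisive piece of evidence: the MBR read straight from the disk carries TDL4 boot code, while the copy Windows hands back through the normal API looks like the stock Windows 7 MBR ("MBR hidden"), and the call trace ends in an unresolved address hooked into atapi's IRP_MJ_INTERNAL_DEVICE_CONTROL path. aswMBR also saved the raw sector to MBR.dat. The script below is an added example, not code from this thread, from aswMBR or from Microsoft: it parses a 512-byte MBR image of that kind and reports the three things a bootkit triage wants to know, whether the boot-code bytes match a known-good reference, whether the partition table still looks sane, and how much disk sits unaccounted for past the last partition. The reference hash and the disk's sector count are the operator's inputs (a clean install of the same Windows build supplies the former; none is hard-coded here), the sample MBR bytes are constructed, and the 16 MiB tail threshold is my own heuristic.

```python
"""Triage a raw 512-byte MBR image such as the MBR.dat that aswMBR saves
(if a tool saves more than one sector, feed it the first 512 bytes).

Added example for this thread; it is not aswMBR, TDSSKiller or Microsoft
code.  Two inputs are the operator's to supply (assumptions here):
  * known_good_sha256 - SHA-256 of bytes 0..439 of the MBR from a clean
    install of the same Windows build (none is hard-coded below)
  * disk_total_sectors - LBA sector count of the physical disk
"""

import hashlib
import struct
from typing import Dict, List, Optional

SECTOR = 512
BOOT_CODE_LEN = 440      # bytes 0..439 hold the executable boot code
PART_TABLE_OFF = 446     # four 16-byte partition entries start here
PART_ENTRY_LEN = 16
SIGNATURE_OFF = 510      # last two bytes must be 55 AA
# Heuristic (my assumption): more than 16 MiB of unpartitioned sectors past
# the last partition is worth a look; a bootkit that parks a hidden file
# system at the end of the disk lives there, while alignment slack is small.
TAIL_SLACK_SECTORS = 16 * 1024 * 1024 // SECTOR


def parse_partitions(mbr: bytes) -> List[Dict]:
    """Decode the four primary partition entries (status, type, LBA start, count)."""
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        # byte 0 status, bytes 1-3 CHS start, byte 4 type, bytes 5-7 CHS end,
        # then little-endian LBA start and sector count
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", mbr, off)
        if ptype == 0 and sectors == 0:
            continue                      # unused slot
        parts.append({"index": i, "status": status, "type": ptype,
                      "lba_start": lba_start, "sectors": sectors,
                      "lba_end": lba_start + sectors - 1})
    return parts


def boot_code_sha256(mbr: bytes) -> str:
    """Hash only the code region; the partition table legitimately differs per machine."""
    return hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()


def analyse_mbr(mbr: bytes, known_good_sha256: Optional[str] = None,
                disk_total_sectors: Optional[int] = None) -> Dict:
    """Return the parsed layout plus a list of human-readable findings."""
    if len(mbr) != SECTOR:
        raise ValueError("expected %d bytes, got %d" % (SECTOR, len(mbr)))
    findings = []
    signature_ok = mbr[SIGNATURE_OFF:SIGNATURE_OFF + 2] == b"\x55\xaa"
    if not signature_ok:
        findings.append("boot signature 55 AA missing")
    digest = boot_code_sha256(mbr)
    if known_good_sha256 is not None and digest != known_good_sha256.lower():
        findings.append("boot code does not match the known-good reference")
    parts = parse_partitions(mbr)
    if not any(p["status"] & 0x80 for p in parts):
        findings.append("no partition is flagged active")
    tail = None
    if disk_total_sectors is not None and parts:
        tail = disk_total_sectors - 1 - max(p["lba_end"] for p in parts)
        if tail > TAIL_SLACK_SECTORS:
            findings.append("%d unpartitioned sectors after the last partition" % tail)
    return {"signature_ok": signature_ok, "boot_code_sha256": digest,
            "partitions": parts, "tail_free_sectors": tail, "findings": findings}


def build_sample_mbr(boot_code: bytes, entries: List[tuple],
                     signature: bytes = b"\x55\xaa") -> bytes:
    """Constructed test input: assemble an MBR image from its parts."""
    mbr = bytearray(SECTOR)
    mbr[:len(boot_code)] = boot_code
    for i, (status, ptype, lba_start, sectors) in enumerate(entries):
        struct.pack_into("<B3xB3xII", mbr, PART_TABLE_OFF + i * PART_ENTRY_LEN,
                         status, ptype, lba_start, sectors)
    mbr[SIGNATURE_OFF:SIGNATURE_OFF + 2] = signature
    return bytes(mbr)


# Constructed sample data: a placeholder boot stub (not real Windows code), a
# 100 MiB system partition plus a large OS partition, on a disk whose sector
# count matches the 238475 MB drive in the aswMBR log above.
DISK_TOTAL_SECTORS = 238475 * 1024 * 1024 // SECTOR
CLEAN_BOOT_CODE = b"\xfa\x33\xc0\x8e\xd0".ljust(BOOT_CODE_LEN, b"\x00")
CLEAN_LAYOUT = [(0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 488173568)]
CLEAN_MBR = build_sample_mbr(CLEAN_BOOT_CODE, CLEAN_LAYOUT)
REFERENCE_SHA256 = boot_code_sha256(CLEAN_MBR)    # stands in for the operator's value

# Same disk, but the boot stub was overwritten and the OS partition was
# shortened, leaving roughly 93 MiB unaccounted for at the end of the disk.
TAMPERED_BOOT_CODE = b"\xeb\x58\x90".ljust(BOOT_CODE_LEN, b"\x00")
TAMPERED_LAYOUT = [(0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 488000000)]
TAMPERED_MBR = build_sample_mbr(TAMPERED_BOOT_CODE, TAMPERED_LAYOUT)


if __name__ == "__main__":
    # For a real case, replace the images with open("MBR.dat", "rb").read()[:512]
    # and supply the reference hash and sector count for that disk.
    for label, image in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        report = analyse_mbr(image, REFERENCE_SHA256, DISK_TOTAL_SECTORS)
        print(label, report["boot_code_sha256"][:16], report["findings"] or "no findings")
```

Only the code region is hashed, because the partition table and disk signature legitimately differ from machine to machine; a hash over the whole sector would never match a reference. The tail check is deliberately a review item rather than a verdict: OEM images and resized volumes also leave gaps, so a hit means the unpartitioned sectors should be dumped and looked at, not that they are hostile.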

#4 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
I can now see the redirect cause - so let's kill it. On completion of the TDSSKiller run, run a fresh scan with aswMBR please - select no virus scan.

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

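
Once the TDSSKiller report and the fresh aswMBR scan come back, only a handful of lines decide the case: the MBR verdict, any unresolved address in the disk driver call chain, any `**INFECTED**` file, and, in the TDSSKiller inventory, drivers that load from somewhere other than the usual system directories. The script below is an added example, not code from TDSSKiller, aswMBR or this forum: it pulls exactly those lines out of both logs and returns one triage summary. The line patterns follow the formats visible in the logs posted in this thread; the sample lines are copied from them, except the `File:` line, which is constructed in the same format with a shorter path. The set of "normal" driver directories is my assumption, so a driver flagged there (the three loaded from C:\Windows itself in the posted log) is a review item, not a verdict.

```python
"""Pull the lines that matter out of the two logs exchanged in this thread:
TDSSKiller's driver inventory and aswMBR's scan output.

Added example, not code from either tool.  The line patterns follow the
formats visible in the posted logs; the set of 'normal' driver directories
is my assumption of what a stock load path looks like, so a hit means
'look at this', not 'malicious'."""

import re
from typing import Dict, List, Tuple

# TDSSKiller driver line: "<yyyy/mm/dd> <hh:mm:ss.ffff>\t<service> (<md5>) <path>"
TDSS_DRIVER = re.compile(
    r"^(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>[\d:.]+)\s+"
    r"(?P<service>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+?)\s*$")

# aswMBR lines: signature name for the MBR, the ROOTKIT verdict, an infected
# file, and an unresolved address in the disk driver call chain (the hook).
ASW_SIGNATURE = re.compile(r"^[\d:.]+ Disk \d+ MBR:(?P<sig>.+?)\s*$")
ASW_ROOTKIT = re.compile(r"^[\d:.]+ Disk (?P<disk>\d+) MBR \[(?P<family>[^\]]+)\] \*\*ROOTKIT\*\*")
ASW_INFECTED = re.compile(r"^[\d:.]+ File: (?P<path>.+?) \*\*INFECTED\*\* (?P<name>.+?)\s*$")
ASW_UNKNOWN = re.compile(r">>UNKNOWN \[(?P<addr>0x[0-9a-fA-F]+)\]<<")

# Assumption: stock Windows drivers load from these two directories.
NORMAL_DRIVER_DIRS = {"c:\\windows\\system32\\drivers", "c:\\windows\\system32"}


def parse_tdss_drivers(lines: List[str]) -> List[Dict[str, str]]:
    """Keep only the driver inventory lines; header and progress lines are dropped."""
    return [m.groupdict() for m in map(TDSS_DRIVER.match, lines) if m]


def odd_load_paths(drivers: List[Dict[str, str]]) -> List[Tuple[str, str]]:
    """Drivers loaded from somewhere other than the usual system directories."""
    flagged = []
    for d in drivers:
        directory = d["path"].lower().rsplit("\\", 1)[0]
        if directory not in NORMAL_DRIVER_DIRS:
            flagged.append((d["service"], d["path"]))
    return flagged


def parse_aswmbr(lines: List[str]) -> Dict[str, list]:
    """Collect MBR signatures, ROOTKIT verdicts, infected files and unknown hook addresses."""
    report = {"mbr_signatures": [], "rootkits": [], "infected": [], "unknown_hooks": []}
    for line in lines:
        m = ASW_SIGNATURE.match(line)
        if m:
            report["mbr_signatures"].append(m.group("sig"))
            continue
        m = ASW_ROOTKIT.match(line)
        if m:
            report["rootkits"].append(m.group("family"))
            continue
        m = ASW_INFECTED.match(line)
        if m:
            report["infected"].append((m.group("path"), m.group("name")))
            continue
        m = ASW_UNKNOWN.search(line)
        if m:
            report["unknown_hooks"].append(m.group("addr"))
    return report


def triage(tdss_lines: List[str], asw_lines: List[str]) -> Dict[str, object]:
    """One summary object for the helper reading both logs."""
    asw = parse_aswmbr(asw_lines)
    drivers = parse_tdss_drivers(tdss_lines)
    return {
        "mbr_rootkit": bool(asw["rootkits"]),
        "rootkit_families": asw["rootkits"],
        "mbr_signatures": asw["mbr_signatures"],
        "hooked_addresses": asw["unknown_hooks"],
        "infected_files": asw["infected"],
        "drivers_seen": len(drivers),
        "drivers_outside_system_dirs": odd_load_paths(drivers),
    }


# Sample lines copied from the logs posted in this thread; the "File:" line is
# constructed in the same format with a shorter path.
SAMPLE_TDSS = [
    "2011/07/23 15:54:33.0989\tRunning under WOW64",
    "2011/07/23 15:54:41.0910\t1394ohci        (1b00662092f9f9568b995902f0cc40d5) C:\\Windows\\system32\\DRIVERS\\1394ohci.sys",
    "2011/07/23 15:54:43.0110\tatapi           (02062c0b390b7729edc9e69c680a6f3c) C:\\Windows\\system32\\DRIVERS\\atapi.sys",
    "2011/07/23 15:54:43.0746\tCLFS            (fe1ec06f2253f691fe36217c592a0206) C:\\Windows\\system32\\CLFS.sys",
    "2011/07/23 15:54:45.0779\tetdrv           (84486624268e078255bc7aa47f0960bc) C:\\Windows\\etdrv.sys",
    "2011/07/23 15:54:46.0223\tgdrv            (7907e14f9bcf3a4689c9a74a1a873cb6) C:\\Windows\\gdrv.sys",
    "2011/07/23 15:54:46.0304\tGVTDrv64        (8126331fbd4ed29eb3b356f9c905064d) C:\\Windows\\GVTDrv64.sys",
]
SAMPLE_ASW = [
    "12:56:27.919 Disk 0 MBR:Alureon-I [Rtk]",
    "12:56:27.935 Disk 0 Windows 7 default MBR code found via API",
    "12:56:27.935 Disk 0 MBR hidden",
    "12:56:27.935 Disk 0 MBR [TDL4] **ROOTKIT**",
    "12:56:27.951 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa800463a254]<<",
    "13:05:44.138 File: C:\\Users\\Nathan\\Downloads\\sample.exe **INFECTED** Win32:Adware-gen [Adw]",
]

if __name__ == "__main__":
    for key, value in triage(SAMPLE_TDSS, SAMPLE_ASW).items():
        print("%-28s %s" % (key, value))
```

The point of keeping the aswMBR and TDSSKiller results side by side is that they can disagree, which is what this thread shows: TDSSKiller lists every driver and names nothing, while aswMBR's direct sector read says TDL4. A hooked disk stack returns clean-looking sectors to anything that asks through the normal path, so a clean result from one tool never outweighs a ROOTKIT verdict from the one that read the disk directly.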

#5 hafunui (Topic Starter, Member, 13 posts)
TDSSKiller found nothing. Here's the log:

2011/07/23 15:54:33.0987	TDSS rootkit removing tool 2.4.11.0 Dec  8 2010 14:46:40
2011/07/23 15:54:33.0987	================================================================================
2011/07/23 15:54:33.0987	SystemInfo:
2011/07/23 15:54:33.0987	
2011/07/23 15:54:33.0987	OS Version: 6.1.7600 ServicePack: 0.0
2011/07/23 15:54:33.0987	Product type: Workstation
2011/07/23 15:54:33.0988	ComputerName: NATHANS-PC
2011/07/23 15:54:33.0989	UserName: Nathan
2011/07/23 15:54:33.0989	Windows directory: C:\Windows
2011/07/23 15:54:33.0989	System windows directory: C:\Windows
2011/07/23 15:54:33.0989	Running under WOW64
2011/07/23 15:54:33.0989	Processor architecture: Intel x64
2011/07/23 15:54:33.0989	Number of processors: 2
2011/07/23 15:54:33.0989	Page size: 0x1000
2011/07/23 15:54:33.0989	Boot type: Normal boot
2011/07/23 15:54:33.0989	================================================================================
2011/07/23 15:54:33.0993	Utility is running under WOW64
2011/07/23 15:54:34.0282	Initialize success
2011/07/23 15:54:39.0156	================================================================================
2011/07/23 15:54:39.0156	Scan started
2011/07/23 15:54:39.0156	Mode: Manual; 
2011/07/23 15:54:39.0156	================================================================================
2011/07/23 15:54:41.0910	1394ohci        (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/07/23 15:54:41.0953	ACPI            (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/07/23 15:54:41.0988	AcpiPmi         (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/07/23 15:54:42.0056	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/07/23 15:54:42.0087	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/07/23 15:54:42.0123	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/07/23 15:54:42.0209	AFD             (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
2011/07/23 15:54:42.0247	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/07/23 15:54:42.0289	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/07/23 15:54:42.0320	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/07/23 15:54:42.0362	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/07/23 15:54:42.0379	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/07/23 15:54:42.0476	amdsata         (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
2011/07/23 15:54:42.0525	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/07/23 15:54:42.0555	amdxata         (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
2011/07/23 15:54:42.0791	AppID           (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/07/23 15:54:42.0856	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/07/23 15:54:42.0886	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/07/23 15:54:43.0089	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/07/23 15:54:43.0110	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/07/23 15:54:43.0175	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/07/23 15:54:43.0223	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/07/23 15:54:43.0265	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/07/23 15:54:43.0322	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/07/23 15:54:43.0377	bowser          (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
2011/07/23 15:54:43.0413	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/07/23 15:54:43.0447	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/07/23 15:54:43.0483	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/07/23 15:54:43.0510	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/07/23 15:54:43.0536	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/07/23 15:54:43.0557	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/07/23 15:54:43.0589	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/07/23 15:54:43.0630	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/07/23 15:54:43.0664	cdrom           (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/07/23 15:54:43.0715	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/07/23 15:54:43.0746	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/07/23 15:54:43.0814	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/07/23 15:54:43.0830	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/07/23 15:54:43.0867	CNG             (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/07/23 15:54:43.0906	COMMONFX        (463be8e74657c88232d8294e35b57a14) C:\Windows\system32\drivers\COMMONFX.SYS
2011/07/23 15:54:43.0981	COMMONFX.SYS    (463be8e74657c88232d8294e35b57a14) C:\Windows\System32\drivers\COMMONFX.SYS
2011/07/23 15:54:44.0002	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/07/23 15:54:44.0038	CompositeBus    (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/07/23 15:54:44.0080	cpuz132         (c9c25778efe890baa4087e32937016a0) C:\Windows\system32\drivers\cpuz132_x64.sys
2011/07/23 15:54:44.0110	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/07/23 15:54:44.0179	CT20XUT.DLL     (01bbd5cb85423b12e445209d243a49a9) C:\Windows\system32\CT20XUT.DLL
2011/07/23 15:54:44.0235	ctac32k         (4a5026d454ed8a356f08fc3949884fff) C:\Windows\system32\drivers\ctac32k.sys
2011/07/23 15:54:44.0286	ctaud2k         (b5a2cd7a52d25f3fb7cd43ecbe8eda2b) C:\Windows\system32\drivers\ctaud2k.sys
2011/07/23 15:54:44.0343	CTAUDFX         (75e6d64b37a20b08fd9edf8fcac779b6) C:\Windows\system32\drivers\CTAUDFX.SYS
2011/07/23 15:54:44.0431	CTAUDFX.SYS     (75e6d64b37a20b08fd9edf8fcac779b6) C:\Windows\System32\drivers\CTAUDFX.SYS
2011/07/23 15:54:44.0529	CTEAPSFX.DLL    (06300545bedf49b6a51fdfe1861f9caf) C:\Windows\system32\CTEAPSFX.DLL
2011/07/23 15:54:44.0564	CTEDSPFX.DLL    (2d902f8ec247f0ed0d458cdcaf786544) C:\Windows\system32\CTEDSPFX.DLL
2011/07/23 15:54:44.0598	CTEDSPIO.DLL    (0d3f99cda2bea14e4911a698441f1a29) C:\Windows\system32\CTEDSPIO.DLL
2011/07/23 15:54:44.0628	CTEDSPSY.DLL    (9d26aa450ac1caadde25f1621ba89842) C:\Windows\system32\CTEDSPSY.DLL
2011/07/23 15:54:44.0682	CTERFXFX        (434b481f93149716e2149ba3ba2c7a13) C:\Windows\system32\drivers\CTERFXFX.SYS
2011/07/23 15:54:44.0757	CTERFXFX.SYS    (434b481f93149716e2149ba3ba2c7a13) C:\Windows\System32\drivers\CTERFXFX.SYS
2011/07/23 15:54:44.0834	CTEXFIFX.DLL    (fa6dca331835997d2f7c83b9aaabc4bb) C:\Windows\system32\CTEXFIFX.DLL
2011/07/23 15:54:44.0884	CTHWIUT.DLL     (9e6a0a3ca3825bb568d42f5f3cb09453) C:\Windows\system32\CTHWIUT.DLL
2011/07/23 15:54:44.0917	ctprxy2k        (8ad1bcc81ef6ada2972d9305eaf35730) C:\Windows\system32\drivers\ctprxy2k.sys
2011/07/23 15:54:44.0953	CTSBLFX         (94f78bd6660447b404227f11cd4ab443) C:\Windows\system32\drivers\CTSBLFX.SYS
2011/07/23 15:54:45.0036	CTSBLFX.SYS     (94f78bd6660447b404227f11cd4ab443) C:\Windows\System32\drivers\CTSBLFX.SYS
2011/07/23 15:54:45.0077	ctsfm2k         (e09eafb16c02cecaaac8bc806f9cec51) C:\Windows\system32\drivers\ctsfm2k.sys
2011/07/23 15:54:45.0166	DfsC            (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
2011/07/23 15:54:45.0207	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/07/23 15:54:45.0249	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/07/23 15:54:45.0309	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/07/23 15:54:45.0463	DXGKrnl         (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
2011/07/23 15:54:45.0580	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/07/23 15:54:45.0669	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/07/23 15:54:45.0707	emupia          (84f11bf126dba1131c1f8fd87fab8330) C:\Windows\system32\drivers\emupia2k.sys
2011/07/23 15:54:45.0734	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/07/23 15:54:45.0779	etdrv           (84486624268e078255bc7aa47f0960bc) C:\Windows\etdrv.sys
2011/07/23 15:54:45.0819	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/07/23 15:54:45.0849	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/07/23 15:54:45.0885	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/07/23 15:54:45.0916	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/07/23 15:54:45.0939	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/07/23 15:54:45.0991	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/07/23 15:54:46.0025	FltMgr          (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/07/23 15:54:46.0060	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/07/23 15:54:46.0080	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/07/23 15:54:46.0152	fvevol          (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/07/23 15:54:46.0188	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/07/23 15:54:46.0223	gdrv            (7907e14f9bcf3a4689c9a74a1a873cb6) C:\Windows\gdrv.sys
2011/07/23 15:54:46.0304	GVTDrv64        (8126331fbd4ed29eb3b356f9c905064d) C:\Windows\GVTDrv64.sys
2011/07/23 15:54:46.0418	ha10kx2k        (19c51da5d42de5b01a1d5a0ef926f6b4) C:\Windows\system32\drivers\ha10kx2k.sys
2011/07/23 15:54:46.0460	hap16v2k        (5a256ddd5bac643d98c638e41b16c0f0) C:\Windows\system32\drivers\hap16v2k.sys
2011/07/23 15:54:46.0503	hap17v2k        (7ab7f3d844af3b911ec655cd1931f4ac) C:\Windows\system32\drivers\hap17v2k.sys
2011/07/23 15:54:46.0560	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/07/23 15:54:46.0640	HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2011/07/23 15:54:46.0695	HDAudBus        (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/07/23 15:54:46.0743	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/07/23 15:54:46.0792	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/07/23 15:54:46.0844	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/07/23 15:54:46.0915	HidUsb          (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/07/23 15:54:46.0993	HpSAMD          (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/07/23 15:54:47.0050	HTTP            (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/07/23 15:54:47.0083	hwpolicy        (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/07/23 15:54:47.0128	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/07/23 15:54:47.0195	iaStorV         (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
2011/07/23 15:54:47.0254	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/07/23 15:54:47.0345	IntcAzAudAddService (4b071aebbc13d60430ee0371b262f681) C:\Windows\system32\drivers\RTKVHD64.sys
2011/07/23 15:54:47.0379	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2011/07/23 15:54:47.0424	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/07/23 15:54:47.0461	IpFilterDriver  (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/07/23 15:54:47.0490	IPMIDRV         (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/07/23 15:54:47.0519	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/07/23 15:54:47.0557	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/07/23 15:54:47.0583	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/07/23 15:54:47.0612	iScsiPrt        (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/07/23 15:54:47.0648	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/07/23 15:54:47.0681	kbdhid          (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/07/23 15:54:47.0717	KSecDD          (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/07/23 15:54:47.0782	KSecPkg         (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2011/07/23 15:54:47.0812	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/07/23 15:54:47.0867	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/07/23 15:54:47.0918	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/07/23 15:54:47.0950	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/07/23 15:54:47.0975	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/07/23 15:54:48.0005	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/07/23 15:54:48.0047	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/07/23 15:54:48.0101	mcdbus          (2757f2e17c452e24682eb0ccea74997d) C:\Windows\system32\DRIVERS\mcdbus.sys
2011/07/23 15:54:48.0133	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/07/23 15:54:48.0164	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/07/23 15:54:48.0204	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/07/23 15:54:48.0237	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/07/23 15:54:48.0258	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/07/23 15:54:48.0291	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/07/23 15:54:48.0314	mountmgr        (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/07/23 15:54:48.0343	mpio            (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2011/07/23 15:54:48.0373	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/07/23 15:54:48.0403	MRxDAV          (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/07/23 15:54:48.0467	mrxsmb          (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/07/23 15:54:48.0521	mrxsmb10        (a8c2d7673c8a010569390c826a0efaf4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/07/23 15:54:48.0575	mrxsmb20        (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/07/23 15:54:48.0604	msahci          (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2011/07/23 15:54:48.0635	msdsm           (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/07/23 15:54:48.0677	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/07/23 15:54:48.0694	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/07/23 15:54:48.0727	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/07/23 15:54:48.0774	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/07/23 15:54:48.0809	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/07/23 15:54:48.0832	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/07/23 15:54:48.0863	MsRPC           (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/07/23 15:54:48.0897	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/07/23 15:54:48.0931	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/07/23 15:54:48.0958	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/07/23 15:54:48.0985	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/07/23 15:54:49.0031	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/07/23 15:54:49.0080	NDIS            (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/07/23 15:54:49.0120	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/07/23 15:54:49.0161	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/07/23 15:54:49.0189	Ndisuio         (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/07/23 15:54:49.0215	NdisWan         (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/07/23 15:54:49.0244	NDProxy         (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/07/23 15:54:49.0271	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/07/23 15:54:49.0295	NetBT           (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/07/23 15:54:49.0374	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/07/23 15:54:49.0398	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/07/23 15:54:49.0464	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/07/23 15:54:49.0575	Ntfs            (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
2011/07/23 15:54:49.0612	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/07/23 15:54:49.0918	nvlddmkm        (a963c2c276a97b088ded5d7a83be8052) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/07/23 15:54:50.0037	nvraid          (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
2011/07/23 15:54:50.0091	nvstor          (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
2011/07/23 15:54:50.0142	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/07/23 15:54:50.0162	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/07/23 15:54:50.0196	ossrv           (979736e1b96c02ac4bc6bea3f7db7f89) C:\Windows\system32\drivers\ctoss2k.sys
2011/07/23 15:54:50.0240	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/07/23 15:54:50.0268	partmgr         (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/07/23 15:54:50.0333	pbfilter        (55223eefabfdb84a926515febab50d9a) C:\Program Files\PeerBlock\pbfilter.sys
2011/07/23 15:54:50.0386	pci             (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/07/23 15:54:50.0444	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/07/23 15:54:50.0497	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/07/23 15:54:50.0527	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/07/23 15:54:50.0564	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/07/23 15:54:50.0690	PptpMiniport    (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/07/23 15:54:50.0716	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/07/23 15:54:50.0768	Psched          (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/07/23 15:54:50.0838	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/07/23 15:54:50.0870	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/07/23 15:54:50.0909	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/07/23 15:54:50.0934	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/07/23 15:54:50.0982	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/07/23 15:54:51.0009	Rasl2tp         (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/07/23 15:54:51.0043	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/07/23 15:54:51.0064	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/07/23 15:54:51.0091	rdbss           (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/07/23 15:54:51.0129	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/07/23 15:54:51.0157	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/07/23 15:54:51.0188	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/07/23 15:54:51.0216	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/07/23 15:54:51.0245	RDPWD           (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/07/23 15:54:51.0280	rdyboost        (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/07/23 15:54:51.0361	RivaTuner64     (a10b40cf9eb57d24e44717a2d38a00f4) C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys
2011/07/23 15:54:51.0464	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/07/23 15:54:51.0505	RTL8167         (baefee35d27a5440d35092ce10267bec) C:\Windows\system32\DRIVERS\Rt64win7.sys
2011/07/23 15:54:51.0552	RTL8169         (d88d6ee7abc7e6ff4332e6cc7231927f) C:\Windows\system32\DRIVERS\Rtlh64.sys
2011/07/23 15:54:51.0596	sbp2port        (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/07/23 15:54:51.0659	SCDEmu          (46942b6980b35ffda6afa40a8328938c) C:\Windows\system32\drivers\SCDEmu.sys
2011/07/23 15:54:51.0679	scfilter        (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/07/23 15:54:51.0720	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/07/23 15:54:51.0772	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/07/23 15:54:51.0809	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/07/23 15:54:51.0836	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/07/23 15:54:51.0880	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/07/23 15:54:51.0907	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/07/23 15:54:51.0930	sffp_sd         (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/07/23 15:54:51.0952	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/07/23 15:54:51.0994	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/07/23 15:54:52.0018	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/07/23 15:54:52.0055	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/07/23 15:54:52.0127	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/07/23 15:54:52.0213	srv             (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
2011/07/23 15:54:52.0243	srv2            (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
2011/07/23 15:54:52.0311	srvnet          (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
2011/07/23 15:54:52.0392	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/07/23 15:54:52.0425	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/07/23 15:54:52.0582	Tcpip           (61dc720bb065d607d5823f13d2a64321) C:\Windows\system32\drivers\tcpip.sys
2011/07/23 15:54:52.0665	TCPIP6          (61dc720bb065d607d5823f13d2a64321) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/23 15:54:52.0707	tcpipreg        (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/07/23 15:54:52.0759	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/07/23 15:54:52.0780	TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/07/23 15:54:52.0841	tdx             (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/07/23 15:54:52.0863	TermDD          (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/07/23 15:54:52.0930	tssecsrv        (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/07/23 15:54:52.0971	tunnel          (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/07/23 15:54:53.0022	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/07/23 15:54:53.0077	udfs            (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/07/23 15:54:53.0138	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/07/23 15:54:53.0191	umbus           (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/07/23 15:54:53.0258	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/07/23 15:54:53.0352	usbccgp         (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\drivers\usbccgp.sys
2011/07/23 15:54:53.0390	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/07/23 15:54:53.0419	usbehci         (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
2011/07/23 15:54:53.0495	usbhub          (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
2011/07/23 15:54:53.0541	usbohci         (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
2011/07/23 15:54:53.0622	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/07/23 15:54:53.0691	USBSTOR         (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/07/23 15:54:53.0715	usbuhci         (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/07/23 15:54:53.0788	uxpatch         (297ee9c666fc8bb96a232db0ddba1e49) C:\Windows\system32\drivers\uxpatch.sys
2011/07/23 15:54:53.0817	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/07/23 15:54:53.0858	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/07/23 15:54:53.0890	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/07/23 15:54:53.0922	vhdmp           (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/07/23 15:54:53.0952	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/07/23 15:54:53.0980	volmgr          (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/07/23 15:54:54.0012	volmgrx         (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/07/23 15:54:54.0042	volsnap         (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/07/23 15:54:54.0080	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/07/23 15:54:54.0123	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
2011/07/23 15:54:54.0197	wacmoumonitor   (43ce14e1e17da81ea71dfe686805ed07) C:\Windows\system32\DRIVERS\wacmoumonitor.sys
2011/07/23 15:54:54.0239	wacommousefilter (e04d43c7d1641e95d35cae6086c7e350) C:\Windows\system32\DRIVERS\wacommousefilter.sys
2011/07/23 15:54:54.0264	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/07/23 15:54:54.0312	wacomvhid       (ec1ceb237e365330c1fcfc4876aa0ac0) C:\Windows\system32\DRIVERS\wacomvhid.sys
2011/07/23 15:54:54.0380	WANARP          (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/23 15:54:54.0438	Wanarpv6        (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/23 15:54:54.0500	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/07/23 15:54:54.0537	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/23 15:54:54.0592	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/07/23 15:54:54.0616	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/07/23 15:54:54.0706	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/07/23 15:54:54.0754	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/23 15:54:54.0797	WudfPf          (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/07/23 15:54:54.0828	WUDFRd          (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/23 15:54:54.0959	================================================================================
2011/07/23 15:54:54.0959	Scan finished
2011/07/23 15:54:54.0959	================================================================================
2011/07/23 15:55:30.0617	Deinitialize success

#6 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Looks like it might be the new variant - let's confirm that.

Download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:



Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.

If it is the new variant, we will need to create a recovery console disc.

Create a Windows 7 System Repair Disc

Note: the below can only be done if your machine has a type of CD/R or DVD/R optical drive installed. Also, depending on the exact type of OEM your machine has, you may be unable to actually create an SRD.

  • Click on Start (Windows 7 Orb) >> Run... (or the Windows key and R together) to bring up the Run box, then copy/paste the following command into the box and click on OK:

    recdisc.exe

  • Allow the UAC (User Account Control) prompt by selecting Yes.
  • You should now see a menu like the below:-
Posted Image

  • Put a blank rewritable CD/DVD in your optical (CD/DVD) drive and then click on Create disc.
  • Note: If an AutoPlay window pops up, just close it.
  • When the SRD has been created you will see the below:-
Posted Image

  • Now click on Close >> OK. Leave the disc in the drive as we will be using it shortly.
  • You now have a Windows 7 System Repair Disc.

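What a tool like MBRCheck is looking at when it decides whether the first sector is "standard", as an added example that is not part of the original thread and is not MBRCheck's own code: a small Python parser for the 512-byte master boot record that validates the 0x55AA signature, decodes the four partition-table entries, and hashes the 440-byte boot-code region so it can be compared against a set of known-good hashes. The two sample sectors are constructed inline (a clean one and a copy whose boot code has been patched); the known-good hash set, the `build_sample_mbr` and `read_physical_mbr` helpers, and the disk signature value are assumptions made for illustration, and reading the real sector 0 needs Administrator rights.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440       # bytes 0-439 hold the executable boot code
DISK_SIG_OFF = 440        # 4-byte Windows disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446      # four 16-byte partition entries
PART_ENTRY_LEN = 16
BOOT_SIG_OFF = 510        # 0x55 0xAA marks a valid MBR

PARTITION_TYPES = {
    0x00: "empty",
    0x07: "NTFS/exFAT",
    0x0C: "FAT32 (LBA)",
    0x0F: "extended (LBA)",
    0x27: "hidden NTFS (Windows RE)",
    0xEE: "GPT protective",
}


def parse_partition_entry(entry: bytes) -> dict:
    """Decode one 16-byte partition-table entry (CHS fields are ignored)."""
    status, ptype = entry[0], entry[4]
    lba_start, sector_count = struct.unpack_from("<II", entry, 8)
    return {
        "bootable": status == 0x80,
        "type": ptype,
        "type_name": PARTITION_TYPES.get(ptype, "unknown (0x%02x)" % ptype),
        "lba_start": lba_start,
        "sector_count": sector_count,
    }


def parse_mbr(mbr: bytes) -> dict:
    """Split a raw 512-byte sector into boot code, disk signature and partitions."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("expected a %d-byte sector, got %d" % (MBR_SIZE, len(mbr)))
    entries = [
        parse_partition_entry(mbr[PART_TABLE_OFF + i * PART_ENTRY_LEN:
                                  PART_TABLE_OFF + (i + 1) * PART_ENTRY_LEN])
        for i in range(4)
    ]
    return {
        "valid_signature": mbr[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] == b"\x55\xaa",
        "disk_signature": struct.unpack_from("<I", mbr, DISK_SIG_OFF)[0],
        "boot_code_sha256": hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": [e for e in entries if e["type"] != 0x00],
    }


def assess_mbr(mbr: bytes, known_good_hashes: set) -> list:
    """Return a list of findings; an empty list means nothing looked wrong."""
    info = parse_mbr(mbr)
    findings = []
    if not info["valid_signature"]:
        findings.append("boot signature is not 0x55AA")
    if info["boot_code_sha256"] not in known_good_hashes:
        findings.append("boot code hash %s... is not in the known-good set"
                        % info["boot_code_sha256"][:16])
    bootable = [p for p in info["partitions"] if p["bootable"]]
    if len(bootable) != 1:
        findings.append("expected exactly one active partition, found %d" % len(bootable))
    return findings


def read_physical_mbr(device=r"\\.\PhysicalDrive0") -> bytes:
    """Read sector 0 of a raw disk (assumed Windows device path; needs Administrator).
    A kernel-mode rootkit that filters the disk stack can hand this call a clean
    copy of the sector, which is why an offline boot disc is the reliable check."""
    with open(device, "rb") as disk:
        return disk.read(MBR_SIZE)


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample: one active NTFS partition at LBA 2048, 204800 sectors."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")
    disk_sig = struct.pack("<I", 0x1A2B3C4D) + b"\x00\x00"   # assumed signature
    entry = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07,
                        b"\xfe\xff\xff", 2048, 204800)
    table = entry + b"\x00" * (PART_ENTRY_LEN * 3)
    return code + disk_sig + table + b"\x55\xaa"


# Constructed inputs: a clean sector and a copy whose boot code was patched in place.
CLEAN_MBR = build_sample_mbr(b"\xeb\xfe\x90\x90")                    # jmp $ ; nop ; nop
TAMPERED_MBR = build_sample_mbr(b"\xeb\x3c\x90\x90" + b"\xcc" * 60)  # different code

if __name__ == "__main__":
    good = {parse_mbr(CLEAN_MBR)["boot_code_sha256"]}
    print("clean:", assess_mbr(CLEAN_MBR, good) or "no findings")
    print("tampered:", assess_mbr(TAMPERED_MBR, good))
```

The hash comparison is the whole test: a bootkit that rewrites the boot code leaves the signature and partition table intact, so only the hash of bytes 0-439 changes. The check is only as good as the sector it is given, which is the reason the next step in the thread is a repair disc: read from the running system, a filter driver in the disk stack can return the original sector and the hash matches.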

#7 hafunui (Topic Starter, Member, 13 posts)
I have created a recovery disc like you instructed, and here's the MBRCheck log:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			
Windows Version:		Windows 7 Home Premium Edition
Windows Information:		 (build 7600), 64-bit
Base Board Manufacturer:	Gigabyte Technology Co., Ltd.
BIOS Manufacturer:		Award Software International, Inc.
System Manufacturer:		Gigabyte Technology Co., Ltd.
System Product Name:		EP45-UD3L
Logical Drives Mask:		0x020009fd

Kernel Drivers (total 202):
  0x02E13000 \SystemRoot\system32\ntoskrnl.exe
  0x033EF000 \SystemRoot\system32\hal.dll
  0x00BC2000 \SystemRoot\system32\kdcom.dll
  0x00CD8000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x00D1C000 \SystemRoot\system32\PSHED.dll
  0x00D30000 \SystemRoot\system32\CLFS.SYS
  0x00C00000 \SystemRoot\system32\CI.dll
  0x00EA6000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x00F4A000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x00F59000 \SystemRoot\system32\DRIVERS\ACPI.sys
  0x00FB0000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
  0x00FB9000 \SystemRoot\system32\DRIVERS\msisadrv.sys
  0x00FC3000 \SystemRoot\system32\DRIVERS\pci.sys
  0x00E00000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
  0x00E0D000 \SystemRoot\System32\drivers\partmgr.sys
  0x00E22000 \SystemRoot\system32\DRIVERS\volmgr.sys
  0x00E37000 \SystemRoot\System32\drivers\volmgrx.sys
  0x00E93000 \SystemRoot\system32\DRIVERS\pciide.sys
  0x00CC0000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
  0x00D8E000 \SystemRoot\System32\drivers\mountmgr.sys
  0x00E9A000 \SystemRoot\system32\DRIVERS\atapi.sys
  0x00DA8000 \SystemRoot\system32\DRIVERS\ataport.SYS
  0x00DD2000 \SystemRoot\system32\drivers\amdxata.sys
  0x01021000 \SystemRoot\system32\drivers\fltmgr.sys
  0x0106D000 \SystemRoot\system32\drivers\fileinfo.sys
  0x01201000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x01081000 \SystemRoot\System32\Drivers\msrpc.sys
  0x013A3000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x010DF000 \SystemRoot\System32\Drivers\cng.sys
  0x013BD000 \SystemRoot\System32\drivers\pcw.sys
  0x013CE000 \SystemRoot\System32\Drivers\Fs_Rec.sys
  0x0147B000 \SystemRoot\system32\drivers\ndis.sys
  0x0156D000 \SystemRoot\system32\drivers\NETIO.SYS
  0x015CD000 \SystemRoot\System32\Drivers\ksecpkg.sys
  0x01603000 \SystemRoot\System32\drivers\tcpip.sys
  0x01400000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x01152000 \SystemRoot\system32\DRIVERS\volsnap.sys
  0x0144A000 \SystemRoot\System32\Drivers\spldr.sys
  0x01452000 \SystemRoot\SysWOW64\speedfan.sys
  0x0119E000 \SystemRoot\System32\drivers\rdyboost.sys
  0x01459000 \SystemRoot\System32\Drivers\mup.sys
  0x0146B000 \SystemRoot\System32\drivers\hwpolicy.sys
  0x018C4000 \SystemRoot\System32\DRIVERS\fvevol.sys
  0x018FE000 \SystemRoot\system32\DRIVERS\disk.sys
  0x01914000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
  0x0197A000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x019A4000 \SystemRoot\System32\Drivers\Null.SYS
  0x019AD000 \SystemRoot\System32\Drivers\Beep.SYS
  0x019B4000 \SystemRoot\System32\drivers\vga.sys
  0x019C2000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x019E7000 \SystemRoot\System32\drivers\watchdog.sys
  0x019F7000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x01800000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x01809000 \SystemRoot\system32\drivers\rdprefmp.sys
  0x01812000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x0181D000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x0182E000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x0184C000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x02C7E000 \SystemRoot\system32\drivers\afd.sys
  0x02D07000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x02D4C000 \SystemRoot\system32\DRIVERS\wfplwf.sys
  0x02D55000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x02D7B000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x02D8A000 \SystemRoot\system32\DRIVERS\serial.sys
  0x02DA7000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x02DC2000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x02DD6000 \SystemRoot\System32\Drivers\SCDEmu.SYS
  0x02C00000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x02C51000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x02C5D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x02C68000 \SystemRoot\System32\drivers\discache.sys
  0x01859000 \SystemRoot\System32\Drivers\dfsc.sys
  0x01877000 \SystemRoot\system32\DRIVERS\blbdrive.sys
  0x01888000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x018AE000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x0FEFD000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
  0x10BA2000 \SystemRoot\System32\Drivers\nvBridge.kmd
  0x0FE00000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x10BA4000 \SystemRoot\System32\drivers\dxgmms1.sys
  0x10BEA000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x03AF4000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x03B4A000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x03B5B000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x03B7F000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
  0x03A00000 \SystemRoot\system32\drivers\ctaud2k.sys
  0x03BB1000 \SystemRoot\system32\drivers\portcls.sys
  0x03AD2000 \SystemRoot\system32\drivers\drmk.sys
  0x03CAC000 \SystemRoot\system32\drivers\ks.sys
  0x03CEF000 \SystemRoot\system32\drivers\ctoss2k.sys
  0x03D2A000 \SystemRoot\system32\drivers\ctprxy2k.sys
  0x03D32000 \SystemRoot\system32\drivers\ksthunk.sys
  0x03D38000 \SystemRoot\system32\DRIVERS\fdc.sys
  0x03D45000 \SystemRoot\system32\DRIVERS\serenum.sys
  0x03D51000 \SystemRoot\system32\DRIVERS\parport.sys
  0x03D6E000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x03D8C000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x03D9B000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
  0x03DAB000 \SystemRoot\system32\DRIVERS\wacomvhid.sys
  0x03DAE000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x03DC7000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x03DD0000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
  0x03C00000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x03C24000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x03C30000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x03C5F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x03C7A000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x03DE6000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x03C9B000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x03CAA000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x03BEE000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x040E7000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x04141000 \SystemRoot\system32\DRIVERS\flpydisk.sys
  0x0414C000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x04159000 \SystemRoot\system32\DRIVERS\wacommousefilter.sys
  0x04161000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x05212000 \SystemRoot\system32\drivers\RTKVHD64.sys
  0x053B0000 \SystemRoot\system32\drivers\hap17v2k.sys
  0x0563A000 \SystemRoot\system32\drivers\ha10kx2k.sys
  0x04176000 \SystemRoot\system32\drivers\emupia2k.sys
  0x04000000 \SystemRoot\system32\drivers\ctsfm2k.sys
  0x058F9000 \SystemRoot\system32\drivers\ctac32k.sys
  0x059A7000 \SystemRoot\System32\drivers\COMMONFX.SYS
  0x05800000 \SystemRoot\System32\drivers\CTSBLFX.SYS
  0x05C01000 \SystemRoot\System32\drivers\CTAUDFX.SYS
  0x05CB1000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x05CBF000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x05CC1000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
  0x05CDC000 \SystemRoot\system32\DRIVERS\wacmoumonitor.sys
  0x05CE5000 \SystemRoot\System32\Drivers\fastfat.SYS
  0x00070000 \SystemRoot\System32\win32k.sys
  0x05D1B000 \SystemRoot\System32\drivers\Dxapi.sys
  0x05D27000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x005F0000 \SystemRoot\System32\TSDDD.dll
  0x00610000 \SystemRoot\System32\cdd.dll
  0x00850000 \SystemRoot\System32\ATMFD.DLL
  0x05D35000 \SystemRoot\system32\drivers\luafv.sys
  0x05D58000 \SystemRoot\system32\drivers\WudfPf.sys
  0x05D79000 \??\C:\Windows\system32\drivers\uxpatch.sys
  0x05D83000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x05D98000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x0386C000 \SystemRoot\system32\drivers\HTTP.sys
  0x03934000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x03952000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x0396A000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x03997000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x03800000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x03823000 \??\C:\Windows\system32\drivers\cpuz132_x64.sys
  0x062BE000 \SystemRoot\system32\drivers\peauth.sys
  0x06364000 \SystemRoot\System32\Drivers\secdrv.SYS
  0x0636F000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x0639C000 \SystemRoot\System32\drivers\tcpipreg.sys
  0x06200000 \SystemRoot\System32\DRIVERS\srv2.sys
  0x0404A000 \SystemRoot\System32\DRIVERS\srv.sys
  0x06267000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x06275000 \SystemRoot\System32\Drivers\dump_dumpata.sys
  0x06281000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0x0628A000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
  0x0629D000 \??\C:\Windows\gdrv.sys
  0x063AE000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
  0x06B77000 \SystemRoot\system32\DRIVERS\asyncmac.sys
  0x06B82000 \??\C:\Users\Nathan\AppData\Local\Temp\aswMBR.sys
  0x06A32000 \SystemRoot\system32\DRIVERS\umpass.sys
  0x777F0000 \Windows\System32\ntdll.dll
  0x48230000 \Windows\System32\smss.exe
  0xFFB10000 \Windows\System32\apisetschema.dll
  0xFF180000 \Windows\System32\autochk.exe
  0xFF9D0000 \Windows\System32\rpcrt4.dll
  0xFF9B0000 \Windows\System32\imagehlp.dll
  0xFF7A0000 \Windows\System32\ole32.dll
  0x776F0000 \Windows\System32\user32.dll
  0x779C0000 \Windows\System32\normaliz.dll
  0x779B0000 \Windows\System32\psapi.dll
  0xFF6D0000 \Windows\System32\usp10.dll
  0xFF650000 \Windows\System32\difxapi.dll
  0xFF520000 \Windows\System32\wininet.dll
  0xFF410000 \Windows\System32\msctf.dll
  0xFF400000 \Windows\System32\lpk.dll
  0xFF3E0000 \Windows\System32\sechost.dll
  0xFF3B0000 \Windows\System32\imm32.dll
  0xFF150000 \Windows\System32\iertutil.dll
  0xFF0D0000 \Windows\System32\shlwapi.dll
  0xFF030000 \Windows\System32\msvcrt.dll
  0xFEF90000 \Windows\System32\comdlg32.dll
  0xFEF20000 \Windows\System32\gdi32.dll
  0xFEE40000 \Windows\System32\oleaut32.dll
  0xFED60000 \Windows\System32\advapi32.dll
  0xFEB80000 \Windows\System32\setupapi.dll
  0xFDDF0000 \Windows\System32\shell32.dll
  0x775D0000 \Windows\System32\kernel32.dll
  0xFDDE0000 \Windows\System32\nsi.dll
  0xFDD90000 \Windows\System32\Wldap32.dll
  0xFDC10000 \Windows\System32\urlmon.dll
  0xFDBC0000 \Windows\System32\ws2_32.dll
  0xFDB20000 \Windows\System32\clbcatq.dll
  0xFDAE0000 \Windows\System32\wintrust.dll
  0xFDA70000 \Windows\System32\KernelBase.dll
  0xFDA30000 \Windows\System32\cfgmgr32.dll
  0xFD990000 \Windows\System32\comctl32.dll
  0xFD820000 \Windows\System32\crypt32.dll
  0xFD800000 \Windows\System32\devobj.dll
  0xFD7F0000 \Windows\System32\msasn1.dll
  0x75A70000 \Windows\SysWOW64\normaliz.dll

Processes (total 64):
       0 System Idle Process
       4 System
     356 C:\Windows\System32\smss.exe
     500 csrss.exe
     560 C:\Windows\System32\wininit.exe
     576 csrss.exe
     620 C:\Windows\System32\services.exe
     636 C:\Windows\System32\lsass.exe
     644 C:\Windows\System32\lsm.exe
     716 C:\Windows\System32\winlogon.exe
     808 C:\Windows\System32\svchost.exe
     872 C:\Windows\System32\nvvsvc.exe
     912 C:\Windows\System32\svchost.exe
     992 C:\Windows\System32\svchost.exe
     488 C:\Windows\System32\svchost.exe
     664 C:\Windows\System32\svchost.exe
     748 C:\Windows\UnsignedThemesSvc.exe
    1068 C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    1168 C:\Windows\System32\svchost.exe
    1256 C:\Windows\System32\svchost.exe
    1364 C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    1376 C:\Windows\System32\nvvsvc.exe
    1396 C:\Windows\System32\wisptis.exe
    1472 C:\Windows\System32\spoolsv.exe
    1524 C:\Windows\System32\svchost.exe
    1668 C:\Windows\System32\svchost.exe
    1724 C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe
    1784 C:\Windows\SysWOW64\PnkBstrA.exe
    1852 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    1888 C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
    1932 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    1580 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    2324 WUDFHost.exe
    2396 C:\Windows\System32\svchost.exe
    3008 C:\Program Files\Windows Media Player\wmpnetwk.exe
    1824 C:\Windows\System32\taskhost.exe
    1560 C:\Windows\System32\wisptis.exe
    1704 C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe
    2264 C:\Windows\System32\dwm.exe
    1808 C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe
    2536 C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
    1120 C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
     960 C:\Program Files\Internet Explorer\iexplore.exe
     496 C:\Program Files\Internet Explorer\iexplore.exe
    3492 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    3532 C:\Program Files\Windows Sidebar\sidebar.exe
    3972 C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
    4092 C:\Windows\SysWOW64\CtHelper.exe
    4064 C:\Windows\System32\svchost.exe
    3304 C:\Program Files (x86)\DisplayFusion\DisplayFusionHookx86.exe
    3504 C:\Windows\System32\wuauclt.exe
    4080 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    2096 dllhost.exe
    4340 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    4100 C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
    4552 C:\Windows\explorer.exe
    3788 C:\Program Files (x86)\Notepad++\notepad++.exe
    4788 L:\Fraps\fraps.exe
    3120 L:\Fraps\FRAPS64.DAT
    1164 C:\Windows\System32\taskhost.exe
    2056 C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    2208 C:\Windows\System32\audiodg.exe
    4384 C:\Users\Nathan\Downloads\MBRCheck.exe
    4456 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000  (NTFS)
\\.\L: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00  (FAT32)
\\.\Z: --> \\.\PhysicalDrive6 at offset 0x00000000`00007e00  (NTFS)

PhysicalDrive0 Model Number: <error opening>
PhysicalDrive1 Model Number: WD5000AAC External, Rev: 1.06
PhysicalDrive6 Model Number: Maxtor 6L300S0, Rev: 1G20

      Size  Device Name          MBR Status
  --------------------------------------------
ERROR Opening: \\.\PhysicalDrive0 (32)
    465 GB  \\.\PhysicalDrive1   RE: Western Digital MBR code detected
            SHA1: CCCF1B32EE08ECFB66B30883CFF6110F69219FEA
    279 GB  \\.\PhysicalDrive6   RE: Windows XP MBR code detected
            SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
  • Reboot your system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here

When you reboot you will see this although yours will say windows 7. Click repair my computer

Select your operating system

Select Command prompt

At the command prompt type the following

  • Bootrec.exe /FixMbr
  • Once finished type Exit

Then reboot to normal mode please and re-run aswMBR
  • 0

#9
hafunui

hafunui

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Done and done. Looks like Alureon-I is gone and Google appears to be back to normal. Here's the log:

aswMBR version 0.9.8.977 Copyright(c) 2011 AVAST Software
Run date: 2011-07-24 10:26:14
-----------------------------
10:26:14.004    OS Version: Windows x64 6.1.7600 
10:26:14.004    Number of processors: 2 586 0x170A
10:26:14.004    ComputerName: NATHANS-PC  UserName: Nathan
10:26:15.470    Initialize success
10:26:20.244    AVAST engine defs: 11072302
10:26:24.752    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
10:26:24.752    Disk 0 Vendor: ST3250410AS 3.AAA Size: 238475MB BusType: 3
10:26:24.752    Disk 0 MBR read successfully
10:26:24.752    Disk 0 MBR scan
10:26:24.768    Disk 0 Windows 7 default MBR code
10:26:24.784    Service scanning
10:26:26.858    Modules scanning
10:26:26.858    Disk 0 trace - called modules:
10:26:26.890    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys 
10:26:26.890    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004620060]
10:26:26.890    3 CLASSPNP.SYS[fffff880018df43f] -> nt!IofCallDriver -> [0xfffffa80044d0520]
10:26:26.890    5 ACPI.sys[fffff88000eeb781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa80044d1680]
10:26:27.826    AVAST engine scan C:\Windows
10:26:34.783    AVAST engine scan C:\Windows\system32
10:28:12.720    AVAST engine scan C:\Windows\system32\drivers
10:28:25.294    AVAST engine scan C:\Users\Nathan
10:39:58.169    File: C:\Users\Nathan\Desktop\DADS_BACKUP\SharedDocs\stuff to save\sTUFF TO SAVE2\from95\download\EBOOKS\MakeWomenRespond.exe  **INFECTED** Win32:Adware-gen [Adw]
11:09:10.294    AVAST engine scan C:\ProgramData
11:13:11.321    Scan finished successfully
11:13:36.478    Disk 0 MBR has been saved successfully to "C:\Users\Nathan\Downloads\MBR.dat"
11:13:36.478    The log file has been saved successfully to "C:\Users\Nathan\Downloads\aswMBR.txt"

There still appears to be that one infected file. I removed it after the scan, so I should be clean now. Thank you for helping me with this. :)
  • 0
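A small parser for the aswMBR log format shown in the post above, added here as an example and not part of the thread or of the aswMBR tool itself. It pulls out each disk's reported MBR code and any **INFECTED** entries, so a helper can see at a glance whether a log still needs attention; the sample log is constructed, modelled on the format above.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the aswMBR log format (not a real scan result).
SAMPLE_LOG = r"""
aswMBR version 0.9.8.977 Copyright(c) 2011 AVAST Software
Run date: 2011-07-24 10:26:14
-----------------------------
10:26:24.752    Disk 0 MBR read successfully
10:26:24.752    Disk 0 MBR scan
10:26:24.768    Disk 0 Windows 7 default MBR code
10:39:58.169    File: C:\Users\example\download\sample.exe  **INFECTED** Win32:Adware-gen [Adw]
11:13:11.321    Scan finished successfully
"""

# Every scan line starts with an HH:MM:SS.mmm timestamp; header lines do not.
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{3})\s+(.*)$")
# "Disk N <description> MBR code" is the MBR verdict for disk N.
MBR_RE = re.compile(r"^Disk (\d+) (.+ MBR code)$")
# "File: <path>  **INFECTED** <detection name>" flags a file on disk.
INFECTED_RE = re.compile(r"^File: (.+?)\s+\*\*INFECTED\*\*\s+(.+)$")


@dataclass
class ScanSummary:
    mbr_status: dict = field(default_factory=dict)  # disk number -> MBR description
    infected: list = field(default_factory=list)    # (path, detection name) pairs
    finished: bool = False                          # False if the log was cut short


def parse_aswmbr_log(text):
    """Extract MBR verdicts, infected files and completion state from an aswMBR log."""
    summary = ScanSummary()
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # banner / separator lines carry no timestamp
        msg = m.group(2).strip()
        if (mm := MBR_RE.match(msg)):
            summary.mbr_status[int(mm.group(1))] = mm.group(2)
        elif (im := INFECTED_RE.match(msg)):
            summary.infected.append((im.group(1), im.group(2)))
        elif msg == "Scan finished successfully":
            summary.finished = True
    return summary


def needs_attention(summary):
    """True if a disk's MBR is not reported as default code, a file was flagged, or the scan did not finish."""
    odd_mbr = [d for d, s in summary.mbr_status.items() if "default MBR code" not in s]
    return bool(odd_mbr or summary.infected or not summary.finished)
```

On the log in the post above this reports the MBR as Windows 7 default code but still flags the one infected file, which matches the poster's own reading of it.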

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
In the words of the immoral Bard - away [bleep] spot :)

Are there any further problems before I remove my tools ?
  • 0

#11
hafunui

hafunui

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Nope, everything seems to be in order. Thanks :)
  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :yes:

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :)

A good workman always cleans up after himself, so the following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point

  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones

  • Go to Start > All programs > Accessories > System Tools
  • Right click Disk Cleanup and select Run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti-virus to protect your system, and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe :unsure:
  • 0

#13
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0