Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

redirects, cpu usage, memory usage, PING.EXE


  • Please log in to reply

#1
Kovathos

Kovathos

    New Member

  • Member
  • Pip
  • 7 posts
Hi, Im sorry if Im posting in the wrong area or doing anything wrong as this is all new to me.

I came across this website while trying to find a way to remove PING.EXE. This prograr m has been in my task manager for the past week or so and I know its not supposed to be there. It takes anywhere from 0 to 80% cpu power when its doing something its not supposed to be, and takes anywhere from 1.5 mb to almost 700 mb ive seen it at times in memory on my RAM.

Ive tried using AVG, Avast, Zone Alarm, IO malware removal, Malware bytes, none of it has fixed the issue.

I finally got ahold of factory reset cds from my laptop manufacture, and have reformated the laptop to factory defaults from when I first got it, saw that PING.EXE was still there and did it again, it is still there in my system.

I have noticed that when I disconnect from the internet the program does nothing.

I dont know what to do at this point. Any help would be greatly appreciated. I cant really afford to take this into a tech shop to get it fixed :)

*EDIT*

I forgot to mention that I ran these scans with those programs before I reset the computer to factory defaults. They were not done in safe mode either, which I think I should of done.

Also, I believe there may be more than 1 virus related to this ping.exe

As well, It seems to be attacking me with redirects more often then it did before, and it seems like its slowing down my internet even worse than it did before. (Though that just might be my roomates using the internet too)

Edited by Kovathos, 08 September 2011 - 03:43 PM.

  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,003 posts
  • MVP
Try the zeroaccess removal tool:

http://anywhere.webr...izeroaccess.exe

Just download it, save it and run it. See if it works. I usually run it after Combofix and then it doesn't find anything so I want to give it a chance to prove itself.

Reboot when it tells you to.

Download OTL from
http://www.geekstogo...timers-list-it/
and Save it to your desktop.

Run OTL (Vista or Win 7 => right click and Run As Administrator)

select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.


ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on ComboFix to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

change the a-v scan to None.
uncheck trace disk IO calls
Click the "Scan" button to start scan


On completion of the scan (Note if the Fix button is enabled and tell me) click save log, save it to your desktop and post in your next reply


Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named )

First we will run a virus scan
On the first tab select all elements down to Computer and then select start scan
Once it has finished select report and post that.


Do not close AVPTool or it will self uninstall, if it does uninstall - then just rerun the setup file on your desktop

Now an analysis scan
Select the Manual Disinfection tab
Press the Gather System Information button
Once done Open the last report saved folder then attach the zip file to your next post zip
The file is located at C:\Users\your name\Desktop\Virus Removal Tool\setup_9.0.0.722_05.01.2011_20-34\LOG\avptool_sysinfo.zip

Ron
  • 0

#3
Kovathos

Kovathos

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Okay, I ran the zeroaccess removal tool and this is what it said in the log after it was done.

It didnt find anything

I formatted this also so you can just use the find function to quickly go to each log file rather than going through everything.

for Antizeroaccess = antizero44
OTL = otl55
second otl log =otl255
combofix = fix66
tdsskiller = killer77
aswMBR = mbr88
avptool = avp99

**************************************************
antizero44


Webroot AntiZeroAccess 0.8 Log File
Execution time: 08/09/2011 - 20:13
Host operation System: Windows Seven AMD64 version 6.1.7600
20:13:53 - CheckSystem - Begin to check system...
20:13:53 - OpenRootDrive - Opening system root volume and physical drive....
20:13:53 - C Root Drive: Disk number: 0 Start sector: 0x01A90800 Partition Size: 0x2399DAB0 sectors.
20:13:53 - PrevX Main driver extracted in "C:\Windows\system32\drivers\ZeroAccess.sys".
20:13:54 - InstallAndStartDriver - Unable to start AntiZeroAccess driver. StartService last error: 1275
20:13:54 - StopAndRemoveDriver - AntiZeroAccess Driver is stopped and removed.
20:13:54 - StopAndRemoveDriver - File "ZeroAccess.sys" was deleted!
20:13:54 - Execution Ended!



**************************************************



It never did tell me to reboot either



otl55

And here is the first log from OTL



**************************************************

OTL logfile created on: 08/09/2011 8:17:23 PM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\Chris\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 3.06 Gb Available Physical Memory | 76.64% Memory free
7.99 Gb Paging File | 6.87 Gb Available in Paging File | 85.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.81 Gb Total Space | 245.87 Gb Free Space | 86.33% Space Free | Partition Type: NTFS

Computer Name: CHRIS-PC | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/08 20:16:20 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
PRC - [2011/09/03 02:01:45 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009/07/13 21:14:28 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE
PRC - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/03 02:01:45 | 001,846,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/07/28 17:43:58 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/07/28 17:35:34 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/09/08 17:46:47 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/11/05 16:20:00 | 000,332,272 | ---- | M] (Google Inc.) [Disabled | Stopped] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/09/08 17:40:36 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/07/28 18:23:16 | 009,980,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/07/28 18:23:16 | 009,980,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/07/28 16:54:10 | 000,309,248 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/06/24 06:31:02 | 000,055,424 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/11/11 21:35:24 | 000,225,824 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/10/04 21:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/08/21 05:18:16 | 002,978,296 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/23 11:49:00 | 000,119,312 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/04 09:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/04/03 06:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...78z175t58m1y963
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...78z175t58m1y963
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...78z175t58m1y963
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...78z175t58m1y963

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...78z175t58m1y963
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...78z175t58m1y963
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/08 17:06:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/09/08 17:06:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions
[2011/09/08 17:06:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/09/03 02:01:45 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/09/02 19:25:59 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

Hosts file not found
O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5E7411F8-B8DD-458F-B144-29D7006BBEA4}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/08 20:16:19 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2011/09/08 20:11:15 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/09/08 20:05:38 | 000,000,000 | ---D | C] -- C:\Download
[2011/09/08 20:05:20 | 000,000,000 | ---D | C] -- C:\ProgramData\xOcean
[2011/09/08 20:05:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BlastShark
[2011/09/08 19:56:05 | 000,000,000 | ---D | C] -- C:\Windows\NAPP_Dism_Log
[2011/09/08 19:28:16 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\wargaming.net
[2011/09/08 19:18:11 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\AMD
[2011/09/08 19:17:56 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\ATI
[2011/09/08 19:17:56 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\ATI
[2011/09/08 19:17:56 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/09/08 19:17:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2011/09/08 19:17:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2011/09/08 19:17:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2011/09/08 19:17:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2011/09/08 19:17:21 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2011/09/08 19:17:19 | 000,046,136 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdiox64.sys
[2011/09/08 19:16:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2011/09/08 19:14:45 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2011/09/08 19:13:46 | 000,000,000 | ---D | C] -- C:\ATI
[2011/09/08 19:06:01 | 000,000,000 | ---D | C] -- C:\AMD
[2011/09/08 18:59:38 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2011/09/08 18:59:38 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2011/09/08 18:59:38 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2011/09/08 18:59:38 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll
[2011/09/08 18:59:38 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2011/09/08 18:59:38 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2011/09/08 18:59:36 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2011/09/08 18:59:36 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2011/09/08 18:59:36 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll
[2011/09/08 18:59:36 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2011/09/08 18:59:35 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2011/09/08 18:59:35 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2011/09/08 18:59:34 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll
[2011/09/08 18:59:34 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2011/09/08 18:59:34 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll
[2011/09/08 18:59:34 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2011/09/08 18:59:33 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2011/09/08 18:59:33 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2011/09/08 18:59:33 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2011/09/08 18:59:33 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2011/09/08 18:59:32 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2011/09/08 18:59:32 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2011/09/08 18:59:32 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
[2011/09/08 18:59:32 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2011/09/08 18:59:31 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll
[2011/09/08 18:59:31 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2011/09/08 18:59:30 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll
[2011/09/08 18:59:30 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2011/09/08 18:59:30 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2011/09/08 18:59:30 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll
[2011/09/08 18:59:28 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll
[2011/09/08 18:59:28 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2011/09/08 18:59:28 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll
[2011/09/08 18:59:28 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2011/09/08 18:59:27 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2011/09/08 18:59:27 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2011/09/08 18:59:26 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll
[2011/09/08 18:59:26 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2011/09/08 18:59:25 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll
[2011/09/08 18:59:25 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_41.dll
[2011/09/08 18:59:25 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll
[2011/09/08 18:59:25 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_41.dll
[2011/09/08 18:59:24 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll
[2011/09/08 18:59:24 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2011/09/08 18:59:23 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll
[2011/09/08 18:59:23 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2011/09/08 18:59:23 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
[2011/09/08 18:59:23 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2011/09/08 18:59:22 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2011/09/08 18:59:22 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll
[2011/09/08 18:59:22 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll
[2011/09/08 18:59:22 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2011/09/08 18:59:21 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
[2011/09/08 18:59:21 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2011/09/08 18:59:21 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
[2011/09/08 18:59:21 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2011/09/08 18:59:20 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
[2011/09/08 18:59:20 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2011/09/08 18:59:19 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll
[2011/09/08 18:59:19 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2011/09/08 18:59:19 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll
[2011/09/08 18:59:19 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2011/09/08 18:59:18 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2011/09/08 18:59:18 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll
[2011/09/08 18:59:18 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll
[2011/09/08 18:59:18 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2011/09/08 18:59:16 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2011/09/08 18:59:16 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2011/09/08 18:59:16 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2011/09/08 18:59:16 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2011/09/08 18:59:16 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2011/09/08 18:59:16 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2011/09/08 18:59:14 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
[2011/09/08 18:59:14 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2011/09/08 18:59:14 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
[2011/09/08 18:59:14 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2011/09/08 18:59:14 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
[2011/09/08 18:59:14 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2011/09/08 18:59:12 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll
[2011/09/08 18:59:12 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2011/09/08 18:59:12 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll
[2011/09/08 18:59:12 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2011/09/08 18:59:11 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2011/09/08 18:59:11 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll
[2011/09/08 18:59:10 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll
[2011/09/08 18:59:10 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2011/09/08 18:59:10 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll
[2011/09/08 18:59:10 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2011/09/08 18:59:10 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll
[2011/09/08 18:59:10 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2011/09/08 18:59:09 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll
[2011/09/08 18:59:09 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2011/09/08 18:59:08 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll
[2011/09/08 18:59:08 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2011/09/08 18:59:08 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2011/09/08 18:59:08 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll
[2011/09/08 18:59:07 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll
[2011/09/08 18:59:07 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2011/09/08 18:59:07 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll
[2011/09/08 18:59:07 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2011/09/08 18:59:07 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll
[2011/09/08 18:59:07 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2011/09/08 18:59:05 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll
[2011/09/08 18:59:05 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2011/09/08 18:59:04 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll
[2011/09/08 18:59:04 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll
[2011/09/08 18:59:04 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll
[2011/09/08 18:59:04 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll
[2011/09/08 18:59:03 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll
[2011/09/08 18:59:03 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll
[2011/09/08 18:59:03 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll
[2011/09/08 18:59:03 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll
[2011/09/08 18:59:02 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll
[2011/09/08 18:59:02 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
[2011/09/08 18:59:01 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll
[2011/09/08 18:59:01 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
[2011/09/08 18:59:01 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll
[2011/09/08 18:59:01 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2011/09/08 18:59:00 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll
[2011/09/08 18:59:00 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2011/09/08 18:58:58 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll
[2011/09/08 18:58:58 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2011/09/08 18:58:58 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll
[2011/09/08 18:58:58 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2011/09/08 18:58:58 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll
[2011/09/08 18:58:58 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll
[2011/09/08 18:58:57 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll
[2011/09/08 18:58:57 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2011/09/08 18:58:57 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll
[2011/09/08 18:58:57 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2011/09/08 18:58:56 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll
[2011/09/08 18:58:56 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2011/09/08 18:58:55 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll
[2011/09/08 18:58:55 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2011/09/08 18:58:55 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll
[2011/09/08 18:58:55 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2011/09/08 18:58:54 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll
[2011/09/08 18:58:54 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2011/09/08 18:58:54 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll
[2011/09/08 18:58:54 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2011/09/08 18:58:52 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll
[2011/09/08 18:58:52 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2011/09/08 18:58:51 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll
[2011/09/08 18:58:51 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2011/09/08 18:58:50 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll
[2011/09/08 18:58:50 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2011/09/08 18:58:46 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll
[2011/09/08 18:58:46 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2011/09/08 18:58:46 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll
[2011/09/08 18:58:46 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2011/09/08 18:58:46 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll
[2011/09/08 18:58:46 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2011/09/08 18:58:44 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll
[2011/09/08 18:58:44 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2011/09/08 18:58:44 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll
[2011/09/08 18:58:44 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2011/09/08 18:58:43 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll
[2011/09/08 18:58:43 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2011/09/08 18:58:40 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll
[2011/09/08 18:58:40 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2011/09/08 18:58:38 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll
[2011/09/08 18:58:38 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2011/09/08 18:58:33 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll
[2011/09/08 18:58:33 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2011/09/08 18:58:31 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll
[2011/09/08 18:58:31 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2011/09/08 18:58:31 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll
[2011/09/08 18:58:31 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2011/09/08 18:58:31 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll
[2011/09/08 18:58:31 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2011/09/08 18:58:30 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll
[2011/09/08 18:58:30 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2011/09/08 18:58:29 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll
[2011/09/08 18:58:29 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2011/09/08 18:58:28 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll
[2011/09/08 18:58:28 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2011/09/08 18:58:27 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll
[2011/09/08 18:58:27 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2011/09/08 18:58:25 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll
[2011/09/08 18:58:25 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2011/09/08 18:46:30 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\NeopleLauncherDFO
[2011/09/08 18:41:49 | 000,000,000 | ---D | C] -- C:\Games
[2011/09/08 18:21:25 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2011/09/08 18:21:24 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll
[2011/09/08 18:21:24 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll
[2011/09/08 18:11:42 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Skype
[2011/09/08 18:09:29 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2011/09/08 18:09:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2011/09/08 18:09:04 | 002,604,376 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2011/09/08 18:09:03 | 001,361,336 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tosade.dll
[2011/09/08 18:09:03 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2011/09/08 18:09:03 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2011/09/08 18:09:03 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2011/09/08 18:09:03 | 000,177,088 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tadefxapo264.dll
[2011/09/08 18:09:03 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2011/09/08 18:09:03 | 000,148,416 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tadefxapo.dll
[2011/09/08 18:09:03 | 000,065,432 | ---- | C] (TOSHIBA CORPORATION.) -- C:\Windows\SysNative\tepeqapo64.dll
[2011/09/08 18:09:02 | 000,220,512 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll
[2011/09/08 18:09:02 | 000,121,744 | ---- | C] (Sony Corporation) -- C:\Windows\SysNative\SFSS_APO.dll
[2011/09/08 18:09:02 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll
[2011/09/08 18:09:02 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2011/09/08 18:09:01 | 001,560,168 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2011/09/08 18:09:01 | 000,078,176 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll
[2011/09/08 18:09:00 | 003,201,128 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2011/09/08 18:09:00 | 002,518,632 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2011/09/08 18:09:00 | 000,332,392 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2011/09/08 18:09:00 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2011/09/08 18:08:59 | 001,881,704 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2011/09/08 18:08:59 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2011/09/08 18:08:59 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2011/09/08 18:08:59 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2011/09/08 18:08:59 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2011/09/08 18:08:58 | 003,308,376 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2011/09/08 18:08:58 | 001,501,696 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoRes64.dat
[2011/09/08 18:08:58 | 001,247,848 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2011/09/08 18:08:58 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2011/09/08 18:08:58 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2011/09/08 18:08:58 | 000,136,024 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2011/09/08 18:08:58 | 000,097,896 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll
[2011/09/08 18:08:57 | 000,426,328 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2011/09/08 18:08:57 | 000,118,104 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2011/09/08 18:08:57 | 000,074,072 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2011/09/08 18:08:56 | 003,768,152 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
[2011/09/08 18:08:56 | 002,132,824 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2011/09/08 18:08:56 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2011/09/08 18:08:56 | 000,334,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2011/09/08 18:08:56 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2011/09/08 18:08:55 | 000,603,984 | ---- | C] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll
[2011/09/08 18:08:53 | 002,085,440 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2011/09/08 18:08:52 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2011/09/08 18:08:52 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2011/09/08 18:08:52 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2011/09/08 18:08:52 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2011/09/08 18:08:52 | 000,527,872 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PLFX64.dll
[2011/09/08 18:08:52 | 000,515,584 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PGFX64.dll
[2011/09/08 18:08:52 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2011/09/08 18:08:52 | 000,439,808 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PREC64.dll
[2011/09/08 18:08:52 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2011/09/08 18:08:51 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2011/09/08 18:08:51 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2011/09/08 18:08:51 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2011/09/08 18:08:51 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2011/09/08 18:08:51 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2011/09/08 18:08:51 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2011/09/08 18:08:50 | 000,200,800 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2011/09/08 18:08:50 | 000,108,960 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2011/09/08 18:02:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon
[2011/09/08 17:58:45 | 000,000,000 | ---D | C] -- C:\Nexon
[2011/09/08 17:58:42 | 000,000,000 | ---D | C] -- C:\ProgramData\NexonUS
[2011/09/08 17:55:32 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/09/08 17:54:58 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2011/09/08 17:54:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/09/08 17:54:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2011/09/08 17:44:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2011/09/08 17:44:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2011/09/08 17:44:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2011/09/08 17:40:36 | 000,270,912 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2011/09/08 17:40:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2011/09/08 17:40:12 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\DAEMON Tools Lite
[2011/09/08 17:39:52 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2011/09/08 17:39:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2011/09/08 17:38:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2011/09/08 17:16:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Booster
[2011/09/08 17:16:24 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2011/09/08 17:16:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2011/09/08 17:16:03 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps
[2011/09/08 17:16:03 | 000,000,000 | ---D | C] -- C:\Fraps
[2011/09/08 17:15:35 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\Xpadder
[2011/09/08 17:15:07 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\WinRAR
[2011/09/08 17:15:00 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/09/08 17:13:02 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\My Stuff
[2011/09/08 17:10:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitTorrent
[2011/09/08 17:09:52 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\BitTorrent
[2011/09/08 17:06:40 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Mozilla
[2011/09/08 17:06:40 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Mozilla
[2011/09/08 17:06:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011/09/08 16:31:00 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2011/09/08 16:31:00 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2011/09/08 16:30:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2011/09/08 16:30:39 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Adobe
[2011/09/08 16:30:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2011/09/08 16:29:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2011/09/08 16:29:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive
[2011/09/08 16:29:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2011/09/08 16:28:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2011/09/08 16:28:10 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Google
[2011/09/08 16:28:09 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Google
[2011/09/08 16:27:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2011/09/08 16:26:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Crystal Eye webcam
[2011/09/08 16:26:16 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\InstallShield
[2011/09/08 16:24:47 | 000,000,000 | ---D | C] -- C:\book
[2011/09/08 16:24:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AcerSystem
[2011/09/08 16:24:42 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\EgisTec
[2011/09/08 16:24:40 | 000,000,000 | ---D | C] -- C:\ProgramData\McQcModifier-5c47-a7b0
[2011/09/08 16:24:39 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Macromedia
[2011/09/08 16:24:17 | 000,000,000 | R--D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/09/08 16:24:17 | 000,000,000 | R--D | C] -- C:\Users\Chris\Searches
[2011/09/08 16:24:17 | 000,000,000 | R--D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/09/08 16:24:07 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Identities
[2011/09/08 16:24:04 | 000,000,000 | R--D | C] -- C:\Users\Chris\Contacts
[2011/09/08 16:24:01 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\VirtualStore
[2011/09/08 16:22:23 | 000,000,000 | -H-D | C] -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/09/08 16:21:07 | 000,000,000 | -HSD | C] -- C:\Users\Chris\AppData\Local\Temporary Internet Files
[2011/09/08 16:21:07 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Templates
[2011/09/08 16:21:07 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Start Menu
[2011/09/08 16:21:07 | 000,000,000 | -HSD | C] -- C:\Users\Chris\SendTo
[2011/09/08 16:21:07 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Recent
[2011/09/08 16:21:07 | 000,000,000 | -HSD | C] -- C:\Users\Chris\PrintHood
[2011/09/08 16:21:07 | 000,000,000 | -HSD | C] -- C:\Users\Chris\NetHood
[2011/09/08 16:21:07 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Documents\My Videos
[2011/09/08 16:21:07 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Documents\My Pictures
[2011/09/08 16:21:07 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Documents\My Music
[2011/09/08 16:21:07 | 000,000,000 | -HSD | C] -- C:\Users\Chris\My Documents
[2011/09/08 16:21:07 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Local Settings
[2011/09/08 16:21:07 | 000,000,000 | -HSD | C] -- C:\Users\Chris\AppData\Local\History
[2011/09/08 16:21:07 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Cookies
[2011/09/08 16:21:07 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Application Data
[2011/09/08 16:21:07 | 000,000,000 | -HSD | C] -- C:\Users\Chris\AppData\Local\Application Data
[2011/09/08 16:21:06 | 000,000,000 | --SD | C] -- C:\Users\Chris\AppData\Roaming\Microsoft
[2011/09/08 16:21:06 | 000,000,000 | R--D | C] -- C:\Users\Chris\Videos
[2011/09/08 16:21:06 | 000,000,000 | R--D | C] -- C:\Users\Chris\Saved Games
[2011/09/08 16:21:06 | 000,000,000 | R--D | C] -- C:\Users\Chris\Pictures
[2011/09/08 16:21:06 | 000,000,000 | R--D | C] -- C:\Users\Chris\Music
[2011/09/08 16:21:06 | 000,000,000 | R--D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/09/08 16:21:06 | 000,000,000 | R--D | C] -- C:\Users\Chris\Links
[2011/09/08 16:21:06 | 000,000,000 | R--D | C] -- C:\Users\Chris\Favorites
[2011/09/08 16:21:06 | 000,000,000 | R--D | C] -- C:\Users\Chris\Downloads
[2011/09/08 16:21:06 | 000,000,000 | R--D | C] -- C:\Users\Chris\Documents
[2011/09/08 16:21:06 | 000,000,000 | R--D | C] -- C:\Users\Chris\Desktop
[2011/09/08 16:21:06 | 000,000,000 | R--D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/09/08 16:21:06 | 000,000,000 | -H-D | C] -- C:\Users\Chris\AppData
[2011/09/08 16:21:06 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Temp
[2011/09/08 16:21:06 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Microsoft
[2011/09/08 16:21:06 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Media Center Programs
[2011/09/08 16:20:54 | 000,000,000 | -HSD | C] -- C:\Recovery
[2011/09/08 16:16:12 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2011/09/08 16:16:11 | 000,034,872 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\usbfilter.sys
[2011/09/08 16:16:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2011/09/08 16:16:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD
[2011/09/08 16:15:52 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2011/09/08 16:13:16 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011/09/08 16:10:06 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 30 Days ==========

[2011/09/08 20:18:46 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/08 20:18:46 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/08 20:16:20 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2011/09/08 20:15:55 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/09/08 20:15:55 | 000,619,642 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/09/08 20:15:55 | 000,107,792 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/09/08 20:11:41 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/08 20:11:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/08 20:11:07 | 146,422,170 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/09/08 20:11:03 | 3219,922,944 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/08 19:56:05 | 000,011,453 | ---- | M] () -- C:\Windows\ChangeLang_Done.tag
[2011/09/08 19:56:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/08 18:57:25 | 000,000,773 | ---- | M] () -- C:\Users\Public\Desktop\World of Tanks.lnk
[2011/09/08 18:02:01 | 000,000,202 | ---- | M] () -- C:\Users\Public\Desktop\Dungeon Fighter Online.url
[2011/09/08 17:55:35 | 000,000,786 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/09/08 17:54:59 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/09/08 17:44:14 | 000,000,881 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2011/09/08 17:40:36 | 000,270,912 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2011/09/08 17:40:32 | 000,001,918 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2011/09/08 17:29:16 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/09/08 17:27:15 | 000,340,480 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/09/08 17:16:26 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\Game Booster.lnk
[2011/09/08 17:16:03 | 000,000,566 | ---- | M] () -- C:\Users\Chris\Desktop\Fraps.lnk
[2011/09/08 17:10:20 | 000,000,931 | ---- | M] () -- C:\Users\Public\Desktop\BitTorrent.lnk
[2011/09/08 17:06:32 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/09/08 16:28:03 | 000,001,445 | ---- | M] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/09/08 16:26:13 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
[2011/09/08 16:26:13 | 000,000,074 | ---- | M] () -- C:\Windows\PidList.ini
[2011/09/08 16:25:56 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2011/09/08 16:19:49 | 000,039,252 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2011/09/08 16:19:49 | 000,039,252 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2011/09/08 16:16:23 | 000,000,006 | ---- | M] () -- C:\Windows\SysNative\PLD_Framework.cmd
[2011/08/31 19:12:00 | 001,698,408 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2011/08/30 16:41:22 | 001,501,696 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoRes64.dat
[2011/08/30 13:37:44 | 002,518,632 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2011/08/24 13:30:06 | 003,201,128 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2011/08/23 17:00:24 | 000,603,984 | ---- | M] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll
[2011/08/23 12:06:12 | 000,097,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll
[2011/08/19 14:54:12 | 001,881,704 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll

========== Files Created - No Company Name ==========

[2011/09/08 20:11:07 | 146,422,170 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/09/08 19:57:22 | 000,011,453 | ---- | C] () -- C:\Windows\ChangeLang_Done.tag
[2011/09/08 18:57:25 | 000,000,773 | ---- | C] () -- C:\Users\Public\Desktop\World of Tanks.lnk
[2011/09/08 18:02:01 | 000,000,202 | ---- | C] () -- C:\Users\Public\Desktop\Dungeon Fighter Online.url
[2011/09/08 17:55:35 | 000,000,786 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/09/08 17:54:59 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/09/08 17:44:14 | 000,000,881 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2011/09/08 17:40:32 | 000,001,918 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2011/09/08 17:29:16 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/09/08 17:16:26 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\Game Booster.lnk
[2011/09/08 17:16:03 | 000,000,566 | ---- | C] () -- C:\Users\Chris\Desktop\Fraps.lnk
[2011/09/08 17:10:19 | 000,000,931 | ---- | C] () -- C:\Users\Public\Desktop\BitTorrent.lnk
[2011/09/08 17:06:32 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/09/08 16:46:53 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/08 16:46:52 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/08 16:28:03 | 000,001,445 | ---- | C] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/09/08 16:26:41 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2011/09/08 16:26:41 | 000,000,074 | ---- | C] () -- C:\Windows\PidList.ini
[2011/09/08 16:26:40 | 000,106,496 | ---- | C] () -- C:\Windows\FixUVC.exe
[2011/09/08 16:25:56 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2011/09/08 16:24:25 | 000,001,417 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2011/09/08 16:24:19 | 000,001,451 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/09/08 16:21:06 | 000,000,290 | ---- | C] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/09/08 16:21:06 | 000,000,272 | ---- | C] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/09/08 16:11:46 | 000,681,508 | ---- | C] () -- C:\Windows\SysNative\oem3.inf
[2011/09/08 16:10:06 | 3219,922,944 | -HS- | C] () -- C:\hiberfil.sys
[2011/07/28 17:49:12 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/03/17 13:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009/11/05 16:38:52 | 000,000,000 | ---- | C] () -- C:\Windows\setup.INI
[2009/11/05 15:49:28 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

< End of report >



**************************************************


Here is the second log file

otl255

**************************************************

OTL Extras logfile created on: 08/09/2011 8:17:23 PM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\Chris\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 3.06 Gb Available Physical Memory | 76.64% Memory free
7.99 Gb Paging File | 6.87 Gb Available in Paging File | 85.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.81 Gb Total Space | 245.87 Gb Free Space | 86.33% Space Free | Partition Type: NTFS

Computer Name: CHRIS-PC | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{49033FF4-8C1C-0EB9-C0A6-4691CB18D0A4}" = ccc-utility64
"{499CBE65-4E07-B40A-624A-B5B7BD6F9A9C}" = AMD Media Foundation Decoders
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{8D0A0350-B509-B362-4827-63E4C6520E7B}" = AMD Catalyst Install Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{C1124346-2EE7-7D9F-6702-625128046EB0}" = AMD Fuel
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"CCleaner" = CCleaner
"WinRAR archiver" = WinRAR 4.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0E33EC53-22CE-426C-A88B-2AAC231BAC85}" = Catalyst Control Center - Branding
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks v.0.6.6
"{1F4748E6-E093-FA89-7999-737F48C4767F}" = Catalyst Control Center InstallProxy
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{82809116-D1EE-443C-AE31-F19E709DDF7A}" = AMD USB Filter Driver
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A79024ED-1969-334A-1ED6-16753F9DE377}" = CCC Help English
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{C57C21C0-CE1B-26D5-1215-B26862051F6F}" = AMD VISION Engine Control Center
"{C86CB1B1-4BD0-7BFB-88CF-76762C8CE1D3}" = Catalyst Control Center Graphics Previews Common
"{CD05F1BC-FC63-1E93-4094-82BC33662E76}" = Catalyst Control Center Localization All
"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.74.216
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"BitTorrent" = BitTorrent
"DAEMON Tools Lite" = DAEMON Tools Lite
"DFO" = DFOLauncher
"Fraps" = Fraps (remove only)
"Game Booster_is1" = Game Booster
"Mozilla Firefox 6.0.2 (x86 en-US)" = Mozilla Firefox 6.0.2 (x86 en-US)
"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 08/09/2011 4:15:59 PM | Computer Name = WIN-TT5OA1TNLCO | Source = MsiInstaller | ID = 11935
Description =

[ System Events ]
Error - 08/09/2011 5:33:11 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.

Error - 08/09/2011 5:33:16 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7031
Description = The Microsoft .NET Framework NGEN v2.0.50727_X86 service terminated
unexpectedly. It has done this 1 time(s). The following corrective action will
be taken in 60000 milliseconds: Restart the service.

Error - 08/09/2011 5:33:41 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Search service, but
this action failed with the following error: %%1056

Error - 08/09/2011 5:47:00 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Steam
Client Service service to connect.

Error - 08/09/2011 5:47:00 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000
Description = The Steam Client Service service failed to start due to the following
error: %%1053

Error - 08/09/2011 6:00:24 PM | Computer Name = Chris-PC | Source = DCOM | ID = 10010
Description =

Error - 08/09/2011 6:04:35 PM | Computer Name = Chris-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10003
Description = WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\bcmihvsrv64.dll


Error - 08/09/2011 6:04:37 PM | Computer Name = Chris-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10003
Description = WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\bcmihvsrv64.dll


Error - 08/09/2011 6:04:37 PM | Computer Name = Chris-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10003
Description = WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\bcmihvsrv64.dll


Error - 08/09/2011 6:05:59 PM | Computer Name = Chris-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.


< End of report >



**************************************************



Here is the log fie from Combofix

fix66

**************************************************



ComboFix 11-09-08.03 - Chris 08/09/2011 20:30:36.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.4094.3081 [GMT -4:00]
Running from: c:\users\Chris\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-08-09 to 2011-09-09 )))))))))))))))))))))))))))))))
.
.
2011-09-09 00:35 . 2011-09-09 00:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-09 00:28 . 2011-08-16 12:48 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2D769152-2507-400D-BE3B-2F31DCC74C3A}\mpengine.dll
2011-09-09 00:19 . 2011-09-09 00:19 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-09 00:05 . 2011-09-09 00:06 -------- d-----w- C:\Download
2011-09-09 00:05 . 2011-09-09 00:05 -------- d-----w- c:\programdata\xOcean
2011-09-09 00:05 . 2011-09-09 00:05 -------- d-----w- c:\program files (x86)\BlastShark
2011-09-08 23:56 . 2011-09-08 23:56 -------- d-----w- c:\windows\NAPP_Dism_Log
2011-09-08 23:17 . 2011-09-08 23:17 -------- d-----w- c:\programdata\ATI
2011-09-08 23:17 . 2011-09-08 23:17 -------- d-----w- c:\program files (x86)\AMD APP
2011-09-08 23:17 . 2011-09-08 23:17 -------- d-----w- c:\program files\Common Files\ATI Technologies
2011-09-08 23:17 . 2011-09-08 23:17 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2011-09-08 23:17 . 2011-09-08 23:17 -------- d-----w- c:\programdata\AMD
2011-09-08 23:17 . 2010-02-18 13:18 46136 ----a-w- c:\windows\system32\drivers\amdiox64.sys
2011-09-08 23:16 . 2011-09-08 23:16 -------- d-----w- c:\program files (x86)\ATI Technologies
2011-09-08 23:14 . 2011-09-08 23:17 -------- d-----w- c:\program files\ATI Technologies
2011-09-08 23:13 . 2011-09-08 23:13 -------- d-----w- C:\ATI
2011-09-08 23:06 . 2011-09-08 23:06 -------- d-----w- C:\AMD
2011-09-08 22:58 . 2007-10-22 07:37 17928 ----a-w- c:\windows\SysWow64\X3DAudio1_2.dll
2011-09-08 22:41 . 2011-09-08 22:41 -------- d-----w- C:\Games
2011-09-08 22:21 . 2009-12-29 08:03 220672 ----a-w- c:\windows\system32\wintrust.dll
2011-09-08 22:21 . 2009-12-29 06:55 172032 ----a-w- c:\windows\SysWow64\wintrust.dll
2011-09-08 22:21 . 2010-01-09 07:19 139264 ----a-w- c:\windows\system32\cabview.dll
2011-09-08 22:21 . 2010-01-09 06:52 132608 ----a-w- c:\windows\SysWow64\cabview.dll
2011-09-08 22:08 . 2011-08-19 18:54 1881704 ----a-w- c:\windows\system32\RtkApi64.dll
2011-09-08 22:06 . 2005-11-14 03:19 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2011-09-08 21:58 . 2011-09-08 21:58 -------- d-----w- C:\Nexon
2011-09-08 21:58 . 2011-09-08 21:58 -------- d-----w- c:\programdata\NexonUS
2011-09-08 21:55 . 2011-09-08 21:55 -------- d-----w- c:\program files\CCleaner
2011-09-08 21:54 . 2011-09-08 21:54 -------- d-----r- c:\program files (x86)\Skype
2011-09-08 21:54 . 2011-09-08 21:54 -------- d-----w- c:\programdata\Skype
2011-09-08 21:44 . 2011-09-08 21:47 -------- d-----w- c:\program files (x86)\Common Files\Steam
2011-09-08 21:44 . 2011-09-08 22:35 -------- d-----w- c:\program files (x86)\Steam
2011-09-08 21:40 . 2011-09-08 21:40 270912 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-09-08 21:40 . 2011-09-08 21:40 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2011-09-08 21:39 . 2011-09-08 21:40 -------- d-----w- c:\programdata\DAEMON Tools Lite
2011-09-08 21:39 . 2011-09-08 21:39 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2011-09-08 21:38 . 2011-09-08 21:38 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2011-09-08 21:16 . 2011-09-08 21:16 -------- d-----w- c:\programdata\IObit
2011-09-08 21:16 . 2011-09-08 21:16 -------- d-----w- c:\program files (x86)\IObit
2011-09-08 21:16 . 2011-09-08 21:16 -------- d-----w- C:\Fraps
2011-09-08 21:10 . 2011-09-08 21:10 -------- d-----w- c:\program files (x86)\BitTorrent
2011-09-08 20:31 . 2006-11-29 17:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
2011-09-08 20:31 . 2006-11-29 17:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll
2011-09-08 20:30 . 2011-09-08 20:30 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2011-09-08 20:30 . 2011-09-08 20:30 -------- d-----w- c:\program files (x86)\Microsoft
2011-09-08 20:29 . 2011-09-08 20:29 -------- d-----w- c:\program files (x86)\Windows Live SkyDrive
2011-09-08 20:28 . 2011-09-08 20:31 -------- d-----w- c:\program files (x86)\Windows Live
2011-09-08 20:27 . 2011-09-08 20:27 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2011-09-08 20:26 . 2011-09-08 20:26 200704 ----a-w- c:\windows\PLFSetI.exe
2011-09-08 20:26 . 2008-09-09 23:02 106496 ----a-w- c:\windows\FixUVC.exe
2011-09-08 20:24 . 2011-09-08 20:24 -------- d---a-w- C:\book
2011-09-08 20:24 . 2011-09-08 20:24 -------- d-----w- c:\programdata\McQcModifier-5c47-a7b0
2011-09-08 20:21 . 2011-09-08 20:24 -------- d-----w- c:\users\Chris
2011-09-08 20:20 . 2011-09-08 20:20 -------- d-----w- C:\Recovery
2011-09-08 20:16 . 2011-09-08 20:16 -------- d-----w- c:\program files\DIFX
2011-09-08 20:16 . 2011-09-08 20:16 -------- dc----w- c:\windows\system32\DRVSTORE
2011-09-08 20:16 . 2011-09-08 20:16 -------- d-----w- c:\program files (x86)\AMD
2011-09-08 20:16 . 2009-04-03 10:39 34872 ----a-w- c:\windows\system32\drivers\usbfilter.sys
2011-09-08 20:15 . 2011-09-08 20:15 -------- d-----w- c:\program files\ATI
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-08 20:16 . 2009-11-05 20:06 6 ----a-w- c:\windows\system32\PLD_Framework.cmd
2011-08-31 23:12 . 2009-11-05 19:57 1698408 ----a-w- c:\windows\RtlExUpd.dll
2011-07-28 22:23 . 2011-07-28 22:23 9980416 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-07-28 22:09 . 2011-07-28 22:09 23921664 ----a-w- c:\windows\system32\atio6axx.dll
2011-07-28 21:49 . 2011-07-28 21:49 60416 ----a-w- c:\windows\system32\OVDecode64.dll
2011-07-28 21:49 . 2011-07-28 21:49 53760 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-07-28 21:48 . 2011-07-28 21:48 51200 ----a-w- c:\windows\system32\OpenCL.dll
2011-07-28 21:48 . 2011-07-28 21:48 43520 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-07-28 21:48 . 2011-07-28 21:48 16552960 ----a-w- c:\windows\system32\amdocl64.dll
2011-07-28 21:48 . 2011-07-28 21:48 13555712 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-07-28 21:44 . 2011-07-28 21:44 18388480 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-07-28 21:40 . 2011-07-28 21:40 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-07-28 21:40 . 2011-07-28 21:40 726528 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-07-28 21:39 . 2011-07-28 21:39 852992 ----a-w- c:\windows\system32\aticfx64.dll
2011-07-28 21:36 . 2011-07-28 21:36 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-07-28 21:36 . 2011-07-28 21:36 485376 ----a-w- c:\windows\system32\atieclxx.exe
2011-07-28 21:35 . 2011-07-28 21:35 204288 ----a-w- c:\windows\system32\atiesrxx.exe
2011-07-28 21:34 . 2011-07-28 21:34 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-07-28 21:34 . 2011-07-28 21:34 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-07-28 21:33 . 2011-07-28 21:33 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-07-28 21:33 . 2011-07-28 21:33 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-07-28 21:33 . 2011-07-28 21:33 21504 ----a-w- c:\windows\system32\atimuixx.dll
2011-07-28 21:33 . 2011-07-28 21:33 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-07-28 21:33 . 2011-07-28 21:33 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-07-28 21:30 . 2011-07-28 21:30 4198912 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-07-28 21:20 . 2011-07-28 21:20 4943360 ----a-w- c:\windows\system32\atidxx64.dll
2011-07-28 21:12 . 2011-07-28 21:12 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2011-07-28 21:11 . 2011-07-28 21:11 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-07-28 21:11 . 2011-07-28 21:11 3871744 ----a-w- c:\windows\system32\atiumd6a.dll
2011-07-28 21:11 . 2011-07-28 21:11 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-07-28 21:11 . 2011-07-28 21:11 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-07-28 21:11 . 2011-07-28 21:11 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-07-28 21:11 . 2011-07-28 21:11 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-07-28 21:10 . 2011-07-28 21:10 9644544 ----a-w- c:\windows\system32\aticaldd64.dll
2011-07-28 21:09 . 2009-07-13 21:59 4256768 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-07-28 21:07 . 2011-07-28 21:07 8247296 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-07-28 21:03 . 2009-07-13 21:59 4056064 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-07-28 21:02 . 2011-07-28 21:02 5399040 ----a-w- c:\windows\system32\atiumd64.dll
2011-07-28 21:01 . 2011-07-28 21:01 58880 ----a-w- c:\windows\system32\coinst.dll
2011-07-28 20:54 . 2011-07-28 20:54 378368 ----a-w- c:\windows\system32\atiadlxx.dll
2011-07-28 20:54 . 2011-07-28 20:54 266240 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-07-28 20:54 . 2011-07-28 20:54 15360 ----a-w- c:\windows\system32\atig6pxx.dll
2011-07-28 20:54 . 2011-07-28 20:54 13312 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-07-28 20:54 . 2011-07-28 20:54 13312 ----a-w- c:\windows\system32\atiglpxx.dll
2011-07-28 20:54 . 2011-07-28 20:54 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-07-28 20:54 . 2011-07-28 20:54 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-07-28 20:54 . 2011-07-28 20:54 309248 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-07-28 20:53 . 2011-07-28 20:53 40960 ----a-w- c:\windows\system32\atiuxp64.dll
2011-07-28 20:53 . 2011-07-28 20:53 31744 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-07-28 20:53 . 2011-07-28 20:53 38912 ----a-w- c:\windows\system32\atiu9p64.dll
2011-07-28 20:53 . 2011-07-28 20:53 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-07-28 20:52 . 2011-07-28 20:52 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-07-28 20:51 . 2011-07-28 20:51 53760 ----a-w- c:\windows\system32\atimpc64.dll
2011-07-28 20:51 . 2011-07-28 20:51 53760 ----a-w- c:\windows\system32\amdpcom64.dll
2011-07-28 20:51 . 2011-07-28 20:51 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-07-28 20:51 . 2011-07-28 20:51 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2011-06-16 07:34 . 2011-06-16 07:34 79872 ----a-w- c:\windows\SysWow64\SlotMaximizerAg.dll
2011-06-16 07:34 . 2011-06-16 07:34 2971648 ----a-w- c:\windows\system32\SlotMaximizerBe.dll
2011-06-16 07:34 . 2011-06-16 07:34 2117632 ----a-w- c:\windows\SysWow64\SlotMaximizerBe.dll
2011-06-16 07:34 . 2011-06-16 07:34 105984 ----a-w- c:\windows\system32\SlotMaximizerAg.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2009-11-05 20:19 433648 ----a-w- c:\programdata\Partner\Partner.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-28 336384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-08 135664]
R4 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-08 135664]
R4 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [2009-11-05 332272]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-28 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-08 20:46]
.
2011-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-08 20:46]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2009-11-05 20:19 750064 ----a-w- c:\programdata\Partner\Partner64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-26 12681320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&m=aspire_5542&r=27360911v106l0478z175t58m1y963
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&m=aspire_5542&r=27360911v106l0478z175t58m1y963
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\tf687e4i.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\ping.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
.
**************************************************************************
.
Completion time: 2011-09-08 20:41:12 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-09 00:41
.
Pre-Run: 263,645,175,808 bytes free
Post-Run: 263,534,260,224 bytes free
.
- - End Of File - - ED9DD4DCD5F7124087260E13D655E1B1



**************************************************



I hope this is the log you wanted from tdsskiller, it seems after whatever this program did it removed ping.exe from my process list in task manager, so who knows? this might of fixed it but i will continue with the trouble shooting just in case. When tdsskiller did find something i chose the option to cure which is what I hope you wanted as well.

killer77

**************************************************



2011/09/08 20:45:34.0387 0964 TDSS rootkit removing tool 2.5.20.0 Sep 7 2011 16:44:34
2011/09/08 20:45:34.0878 0964 ================================================================================
2011/09/08 20:45:34.0878 0964 SystemInfo:
2011/09/08 20:45:34.0878 0964
2011/09/08 20:45:34.0878 0964 OS Version: 6.1.7600 ServicePack: 0.0
2011/09/08 20:45:34.0878 0964 Product type: Workstation
2011/09/08 20:45:34.0878 0964 ComputerName: CHRIS-PC
2011/09/08 20:45:34.0878 0964 UserName: Chris
2011/09/08 20:45:34.0878 0964 Windows directory: C:\Windows
2011/09/08 20:45:34.0878 0964 System windows directory: C:\Windows
2011/09/08 20:45:34.0878 0964 Running under WOW64
2011/09/08 20:45:34.0878 0964 Processor architecture: Intel x64
2011/09/08 20:45:34.0878 0964 Number of processors: 2
2011/09/08 20:45:34.0878 0964 Page size: 0x1000
2011/09/08 20:45:34.0878 0964 Boot type: Normal boot
2011/09/08 20:45:34.0878 0964 ================================================================================
2011/09/08 20:45:35.0743 0964 Initialize success
2011/09/08 20:46:02.0627 1868 ================================================================================
2011/09/08 20:46:02.0627 1868 Scan started
2011/09/08 20:46:02.0627 1868 Mode: Manual;
2011/09/08 20:46:02.0627 1868 ================================================================================
2011/09/08 20:46:03.0553 1868 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/09/08 20:46:03.0907 1868 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/09/08 20:46:04.0239 1868 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/09/08 20:46:04.0597 1868 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/09/08 20:46:04.0948 1868 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/09/08 20:46:05.0321 1868 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/09/08 20:46:05.0691 1868 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2011/09/08 20:46:06.0035 1868 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/09/08 20:46:06.0391 1868 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/09/08 20:46:06.0758 1868 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/09/08 20:46:07.0117 1868 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
2011/09/08 20:46:07.0482 1868 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/09/08 20:46:08.0049 1868 amdkmdag (5b03217859b014b090cb5060c1d96875) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/09/08 20:46:08.0587 1868 amdkmdap (35d2184a99ad4cd5d17284d6c9f382c9) C:\Windows\system32\DRIVERS\atikmpag.sys
2011/09/08 20:46:08.0916 1868 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/09/08 20:46:09.0263 1868 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
2011/09/08 20:46:09.0625 1868 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/09/08 20:46:09.0981 1868 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
2011/09/08 20:46:10.0094 1868 AODDriver4.01 (f312fad7dbd49ed21a194ac71b497832) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
2011/09/08 20:46:10.0472 1868 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/09/08 20:46:10.0830 1868 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/09/08 20:46:11.0187 1868 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/09/08 20:46:11.0565 1868 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/09/08 20:46:11.0899 1868 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/09/08 20:46:12.0275 1868 athr (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys
2011/09/08 20:46:12.0670 1868 AtiHdmiService (3b9014fb7ce9e20fd726321c7db7d8b0) C:\Windows\system32\drivers\AtiHdmi.sys
2011/09/08 20:46:13.0217 1868 atikmdag (5b03217859b014b090cb5060c1d96875) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/09/08 20:46:13.0632 1868 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
2011/09/08 20:46:14.0097 1868 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/09/08 20:46:14.0545 1868 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/09/08 20:46:14.0946 1868 BCM43XX (b44879610f2dc4a046b14befa3ae72de) C:\Windows\system32\DRIVERS\bcmwl664.sys
2011/09/08 20:46:15.0344 1868 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/09/08 20:46:15.0734 1868 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/09/08 20:46:16.0082 1868 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
2011/09/08 20:46:16.0459 1868 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/09/08 20:46:16.0781 1868 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/09/08 20:46:17.0125 1868 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/09/08 20:46:17.0503 1868 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/09/08 20:46:17.0859 1868 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/09/08 20:46:18.0204 1868 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/09/08 20:46:18.0550 1868 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/09/08 20:46:18.0919 1868 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/09/08 20:46:19.0323 1868 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/09/08 20:46:19.0735 1868 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/09/08 20:46:19.0992 1868 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/09/08 20:46:20.0416 1868 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/09/08 20:46:20.0750 1868 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/09/08 20:46:21.0109 1868 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/09/08 20:46:21.0473 1868 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/09/08 20:46:21.0804 1868 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/09/08 20:46:22.0170 1868 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/09/08 20:46:22.0567 1868 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2011/09/08 20:46:22.0923 1868 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/09/08 20:46:23.0258 1868 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/09/08 20:46:23.0661 1868 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/09/08 20:46:24.0060 1868 dtsoftbus01 (d3d64cf7b2bceaa34a270f45a3fffb36) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
2011/09/08 20:46:24.0460 1868 DXGKrnl (7cb7d2b73813ce05c7bc0f5f95d27cec) C:\Windows\System32\drivers\dxgkrnl.sys
2011/09/08 20:46:25.0539 1868 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/09/08 20:46:25.0955 1868 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/09/08 20:46:26.0342 1868 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/09/08 20:46:26.0728 1868 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/09/08 20:46:27.0111 1868 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/09/08 20:46:27.0499 1868 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/09/08 20:46:27.0839 1868 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/09/08 20:46:28.0194 1868 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/09/08 20:46:28.0566 1868 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/09/08 20:46:28.0912 1868 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/09/08 20:46:29.0368 1868 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/09/08 20:46:29.0757 1868 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/09/08 20:46:30.0116 1868 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys
2011/09/08 20:46:30.0547 1868 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/09/08 20:46:31.0156 1868 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/09/08 20:46:31.0559 1868 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2011/09/08 20:46:31.0937 1868 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/09/08 20:46:32.0469 1868 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/09/08 20:46:32.0971 1868 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/09/08 20:46:33.0474 1868 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/09/08 20:46:34.0061 1868 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/09/08 20:46:34.0490 1868 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/09/08 20:46:34.0857 1868 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/09/08 20:46:35.0187 1868 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/09/08 20:46:35.0558 1868 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/09/08 20:46:36.0042 1868 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/09/08 20:46:36.0470 1868 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/09/08 20:46:36.0879 1868 IntcAzAudAddService (a5f7cef8a939ebe270462edefd629f20) C:\Windows\system32\drivers\RTKVHD64.sys
2011/09/08 20:46:37.0426 1868 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2011/09/08 20:46:37.0872 1868 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/09/08 20:46:38.0239 1868 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/09/08 20:46:38.0619 1868 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/09/08 20:46:39.0009 1868 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/09/08 20:46:39.0388 1868 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/09/08 20:46:39.0744 1868 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/09/08 20:46:40.0108 1868 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/09/08 20:46:40.0518 1868 k57nd60a (7dbafe10c1b777305c80bea42fbda710) C:\Windows\system32\DRIVERS\k57nd60a.sys
2011/09/08 20:46:41.0457 1868 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/09/08 20:46:42.0180 1868 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/09/08 20:46:42.0589 1868 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/09/08 20:46:42.0974 1868 KSecPkg (bbe1bf6d9b661c354d4857d5fadb943b) C:\Windows\system32\Drivers\ksecpkg.sys
2011/09/08 20:46:43.0349 1868 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/09/08 20:46:43.0729 1868 L1C (033b4aed2c5519072c0d81e00804d003) C:\Windows\system32\DRIVERS\L1C62x64.sys
2011/09/08 20:46:44.0107 1868 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/09/08 20:46:44.0521 1868 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/09/08 20:46:45.0169 1868 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/09/08 20:46:45.0781 1868 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/09/08 20:46:46.0140 1868 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/09/08 20:46:46.0500 1868 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/09/08 20:46:46.0845 1868 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/09/08 20:46:47.0630 1868 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/09/08 20:46:47.0985 1868 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/09/08 20:46:48.0363 1868 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/09/08 20:46:48.0711 1868 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/09/08 20:46:49.0078 1868 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/09/08 20:46:49.0603 1868 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/09/08 20:46:49.0962 1868 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2011/09/08 20:46:50.0319 1868 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/09/08 20:46:50.0676 1868 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/09/08 20:46:51.0037 1868 mrxsmb (cfdcd8ca87c2a657debc150ac35b5e08) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/09/08 20:46:51.0403 1868 mrxsmb10 (1bee517b220b7f024f411aec1571dd5a) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/09/08 20:46:51.0767 1868 mrxsmb20 (6b2d5fef385828b6e485c1c90afb8195) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/09/08 20:46:52.0130 1868 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2011/09/08 20:46:52.0547 1868 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/09/08 20:46:53.0091 1868 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/09/08 20:46:53.0447 1868 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/09/08 20:46:53.0803 1868 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/09/08 20:46:54.0175 1868 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/09/08 20:46:54.0541 1868 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/09/08 20:46:54.0919 1868 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/09/08 20:46:55.0342 1868 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/09/08 20:46:55.0774 1868 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/09/08 20:46:56.0219 1868 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/09/08 20:46:56.0653 1868 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/09/08 20:46:57.0154 1868 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/09/08 20:46:57.0698 1868 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/09/08 20:46:58.0562 1868 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/09/08 20:46:59.0006 1868 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/09/08 20:46:59.0465 1868 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/09/08 20:46:59.0865 1868 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/09/08 20:47:00.0295 1868 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/09/08 20:47:00.0720 1868 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/09/08 20:47:01.0165 1868 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/09/08 20:47:01.0605 1868 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/09/08 20:47:02.0004 1868 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/09/08 20:47:02.0394 1868 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/09/08 20:47:02.0751 1868 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/09/08 20:47:03.0167 1868 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
2011/09/08 20:47:03.0836 1868 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/09/08 20:47:04.0186 1868 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/09/08 20:47:04.0612 1868 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
2011/09/08 20:47:05.0004 1868 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/09/08 20:47:05.0388 1868 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/09/08 20:47:05.0771 1868 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/09/08 20:47:06.0173 1868 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/09/08 20:47:06.0590 1868 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/09/08 20:47:06.0945 1868 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/09/08 20:47:07.0330 1868 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/09/08 20:47:07.0674 1868 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/09/08 20:47:08.0031 1868 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/09/08 20:47:08.0498 1868 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/09/08 20:47:08.0980 1868 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/09/08 20:47:09.0425 1868 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/09/08 20:47:09.0815 1868 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/09/08 20:47:10.0188 1868 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/09/08 20:47:10.0555 1868 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/09/08 20:47:10.0922 1868 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/09/08 20:47:11.0345 1868 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/09/08 20:47:11.0737 1868 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/09/08 20:47:12.0338 1868 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/09/08 20:47:12.0710 1868 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/09/08 20:47:13.0073 1868 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/09/08 20:47:13.0429 1868 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/09/08 20:47:13.0773 1868 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/09/08 20:47:14.0308 1868 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/09/08 20:47:14.0718 1868 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/09/08 20:47:15.0056 1868 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/09/08 20:47:15.0503 1868 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/09/08 20:47:15.0918 1868 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/09/08 20:47:16.0306 1868 RSUSBSTOR (e220d85daaa8318736f9b6b92f109146) C:\Windows\system32\Drivers\RtsUStor.sys
2011/09/08 20:47:17.0009 1868 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/09/08 20:47:17.0398 1868 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/09/08 20:47:17.0760 1868 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/09/08 20:47:18.0127 1868 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/09/08 20:47:18.0529 1868 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/09/08 20:47:18.0885 1868 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/09/08 20:47:19.0263 1868 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/09/08 20:47:19.0808 1868 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/09/08 20:47:20.0154 1868 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/09/08 20:47:20.0510 1868 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/09/08 20:47:20.0889 1868 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/09/08 20:47:21.0235 1868 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/09/08 20:47:21.0605 1868 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/09/08 20:47:21.0972 1868 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/09/08 20:47:22.0368 1868 srv (ec8f67289105bf270498095f14963464) C:\Windows\system32\DRIVERS\srv.sys
2011/09/08 20:47:22.0706 1868 srv2 (f773d2ed090b7baa1c1a034f3ca476c8) C:\Windows\system32\DRIVERS\srv2.sys
2011/09/08 20:47:23.0077 1868 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
2011/09/08 20:47:23.0468 1868 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
2011/09/08 20:47:23.0822 1868 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
2011/09/08 20:47:24.0164 1868 srvnet (26e84d3649019c3244622e654dfcd75b) C:\Windows\system32\DRIVERS\srvnet.sys
2011/09/08 20:47:24.0586 1868 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/09/08 20:47:24.0956 1868 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/09/08 20:47:25.0425 1868 Tcpip (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\drivers\tcpip.sys
2011/09/08 20:47:25.0813 1868 TCPIP6 (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\DRIVERS\tcpip.sys
2011/09/08 20:47:26.0141 1868 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/09/08 20:47:26.0530 1868 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/09/08 20:47:26.0852 1868 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/09/08 20:47:27.0186 1868 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/09/08 20:47:27.0530 1868 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/09/08 20:47:27.0921 1868 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/09/08 20:47:28.0314 1868 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/09/08 20:47:28.0650 1868 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/09/08 20:47:29.0002 1868 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/09/08 20:47:29.0403 1868 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/09/08 20:47:29.0770 1868 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/09/08 20:47:30.0116 1868 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/09/08 20:47:30.0523 1868 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
2011/09/08 20:47:30.0886 1868 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/09/08 20:47:31.0611 1868 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/09/08 20:47:31.0956 1868 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
2011/09/08 20:47:32.0300 1868 usbfilter (6648c6d7323a2ce0c4776c36cefbcb14) C:\Windows\system32\DRIVERS\usbfilter.sys
2011/09/08 20:47:32.0667 1868 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
2011/09/08 20:47:33.0022 1868 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/09/08 20:47:33.0387 1868 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/09/08 20:47:33.0745 1868 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/09/08 20:47:34.0101 1868 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/09/08 20:47:34.0505 1868 usbvideo (d501e12614b00a3252073101d6a1a74b) C:\Windows\system32\Drivers\usbvideo.sys
2011/09/08 20:47:34.0861 1868 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/09/08 20:47:35.0229 1868 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/09/08 20:47:35.0562 1868 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/09/08 20:47:35.0914 1868 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/09/08 20:47:36.0269 1868 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/09/08 20:47:36.0741 1868 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/09/08 20:47:37.0152 1868 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/09/08 20:47:37.0528 1868 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/09/08 20:47:37.0865 1868 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/09/08 20:47:38.0209 1868 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/09/08 20:47:38.0576 1868 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/09/08 20:47:38.0932 1868 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/09/08 20:47:39.0335 1868 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/09/08 20:47:39.0380 1868 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/09/08 20:47:40.0036 1868 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/09/08 20:47:40.0414 1868 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/09/08 20:47:40.0834 1868 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/09/08 20:47:41.0190 1868 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/09/08 20:47:41.0612 1868 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/09/08 20:47:42.0002 1868 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/09/08 20:47:42.0393 1868 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/09/08 20:47:42.0772 1868 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/09/08 20:47:42.0824 1868 MBR (0x1B8) (04d4350ae5fb6fc2ad3e7c26b1323c68) \Device\Harddisk0\DR0
2011/09/08 20:47:42.0828 1868 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/09/08 20:47:42.0853 1868 Boot (0x1200) (af94616926af2dd383071b9fa6291d64) \Device\Harddisk0\DR0\Partition0
2011/09/08 20:47:42.0879 1868 Boot (0x1200) (9b12a26ceda5e73ba4e3a425e1bc4f5e) \Device\Harddisk0\DR0\Partition1
2011/09/08 20:47:42.0884 1868 ================================================================================
2011/09/08 20:47:42.0884 1868 Scan finished
2011/09/08 20:47:42.0884 1868 ================================================================================
2011/09/08 20:47:42.0894 1128 Detected object count: 1
2011/09/08 20:47:42.0895 1128 Actual detected object count: 1
2011/09/08 20:48:12.0651 1128 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/09/08 20:48:12.0651 1128 \Device\Harddisk0\DR0 - ok
2011/09/08 20:48:12.0652 1128 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/09/08 20:48:40.0665 2460 Deinitialize success



**************************************************
As for aswMBR, it did ask for avast virus definitions, so i decided to download it, im guessing it was what i was supposed to do? ALso the fix button was not highlighted but FixMBR was. The logfile it made when I opened it in notepad gave me alot of wierd characters and some text... I hope its what you wanted also

mbr88


**************************************************



3ÀŽÐ¼ |ŽÀŽØ¾ |¿ ¹ üó¤PhËû¹ ½¾€~ | …ƒÅâñ͈V UÆFÆF ´A»ªUÍ]rûUªu ÷Á tþFf`€~ t&fh fÿvh h |h h ´BŠV ‹ôÍŸƒÄžë¸» |ŠV ŠvŠNŠnÍfasþN… €~ €„Š ²€ë‚U2äŠV Í]ëœ>þ}Uªunÿv èŠ … °Ñædè °ßæ`èx °ÿædèq ¸ »Íf#Àu;fûTCPAu2ùr,fh» fh  fh fSfSfUfh fh | fah ÍZ2öê | Í ·ë ¶ë µ2ä ‹ð¬< tü» ´Íëò+Éädë $àø$ÃInvalid partition table Error loading operating system Missing operating system bz™1y1y ! 'þÿÿ  ीþÿÿþÿÿ è¥  þÿÿþÿÿ ©°Ú™# Uª


avp99
**************************************************

as for the avptool, i was hesitatnt to continue from here as the link had me put in my email to download it, it seemed trustworthy, it was at the kapersky lap website. which then took me to a page to select english or spanish version, and i went to download it, but its a 101 mb file, so i decided to cancel it, as again I am unsure if this program was what you wanted me to download. Sorry if it was. Let me know and i will download it and run your steps as soon as i read your reply.

Edited by Kovathos, 08 September 2011 - 07:15 PM.

  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,003 posts
  • MVP
Looks like it wasn't zero access but just garden variety TDSS.tdl4 which TDSSKiller can usually handle. Don't know why it is suddenly pinging. Looking for new PCs to infect I guess. I would run TDSSKiller again to make sure the problem is really gone.

The file you posted from aswMBR was the actual MBR. If you change the extension to .txt you can attach it to a post but you can't open it with notepad and make any sense of it. There was a second file created by aswMBR that you can copy and paste.

It appears we don't need avp anyway so you can forget that.

Ron
  • 0

#5
Kovathos

Kovathos

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
yeah i noticed that it made another file on my desktop a little bit after the scan finished.

heres all the text

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-09-08 20:55:23
-----------------------------
20:55:23.676 OS Version: Windows x64 6.1.7600
20:55:23.676 Number of processors: 2 586 0x602
20:55:23.677 ComputerName: CHRIS-PC UserName: Chris
20:55:24.514 Initialize success
20:59:00.544 AVAST engine defs: 11090802
21:00:45.014 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:00:45.016 Disk 0 Vendor: Hitachi_HTS545032B9A300 PB3OC60F Size: 305245MB BusType: 11
21:00:47.031 Disk 0 MBR read successfully
21:00:47.031 Disk 0 MBR scan
21:00:47.033 Disk 0 Windows VISTA default MBR code
21:00:47.033 Service scanning
21:00:48.486 Modules scanning
21:00:48.486 Scan finished successfully
21:04:17.802 Disk 0 MBR has been saved successfully to "C:\Users\Chris\Desktop\MBR.dat"
21:04:17.802 The log file has been saved successfully to "C:\Users\Chris\Desktop\aswMBR.txt"




also i did run another scan with tdsskiller and it found nothing.

So everything is good now? ping.exe still hasnt returned so im guessing so?
  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,003 posts
  • MVP
I guess a little housecleaning is in order since it appears we got it.

Let's clear the old restore points and create a nice clean one:

Copy the text in the code box by highlighting and Ctrl + c

:Commands
[CLEARALLRESTOREPOINTS] 


then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, it shouldn't need to reboot.

You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

c:\users\Chris\Desktop\ComboFix.exe /Uninstall

Start, All Programs, Accessories then right click on Command Prompt and Run As Administrator.
then right click, Paste, then hit Enter.

OTL has a cleanup tab if you go there it will remove itself and its logs.

To hide hidden files again (OTL will do it for you so this is only if you decide to keep OTL):

Vista or Win7

# Open the Control Panel menu and click Folder Options.
# After the new window appears select the View tab.
# Remove the check in the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows. There is an option on the upper right of the main update list to tell it not to do betas plus you can tell it to ignore updates for individual)


If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: Adhttp://simple-adblock.com/

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . It seems to work best if you reboot right after running it. You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certain be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron
  • 0

#7
Kovathos

Kovathos

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Well thank you for all your help. I and my laptop thank you :)
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP