Possible Malware, Viruses also System Restore error


This topic is locked.

#1 megaman186 (Member, 23 posts)

Hello, I have a problem with my computer. I'm trying to run a System Restore, but it won't get past the initializing stage. The reason I'm trying to run a System Restore is that I had a Fake System Restore virus on my computer, which I got rid of using these instructions:
http://answers.micro...fc-68b599b31bf5

And I still had Google redirects, so I used this to get rid of them:
http://www.geekstogo...ogle-redirects/

But my computer feels a bit slower than usual, and I think there may still be malware/spyware/viruses on it, so I'd like to use System Restore. Any reason why it's stuck on the initializing stage?

Also, the fake System Restore looked like this:
http://www.automotiv...ion-program.jpg

and it had hidden every single program folder on my computer; I used an un-hider to unhide everything on my computer to fix this problem, but I don't feel my computer is healthy.

Thanks!

Edited by megaman186, 12 November 2011 - 06:51 PM.


#2 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)

Hi there

First, do you have all the files and folders back?

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs.

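The custom scan above asks OTL for the process, service and driver lists, the netsvcs group, the executables sitting in the root of the system drive, and the MD5 of every copy of explorer.exe, winlogon.exe, userinit.exe and svchost.exe; a helper then reads the resulting OTL.Txt by eye for a short list of things: entries whose version info names no company, drivers and programs loaded from odd locations, Run keys whose target is gone, orphaned BHO/toolbar CLSIDs, a hijacked start page, UAC switched off, and anything extra in the Winlogon Shell/UserInit values. As an added example, not code from this thread or from OTL, the Python script below applies those first-pass checks to OTL's line format. The sample lines it runs over are copied from the log posted in this thread; the start-page allow-list, the list of user-writable path fragments and the finding tags are this example's own assumptions, and it deliberately does not judge the MD5 values, which need a known-good hash set that OTL does not provide.

```python
"""First-pass triage of OTL log lines. Added example; not code from OTL or this thread."""
import re
from dataclasses import dataclass
from typing import Iterable, Optional
# PRC/SRV/DRV/MOD entry, e.g.
#   SRV - [date | size | attrs | M] (Company) [Auto | Running] -- C:\svc.exe -- (ServiceName)
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|SRV|DRV|MOD)(?::64bit:)?\s+-\s+"
    r"\[(?P<meta>[^\]]*)\]\s+\((?P<company>[^)]*)\)\s*"
    r"(?:\[(?P<state>[^\]]*)\])?\s*--\s*"
    r"(?P<path>.+?)(?:\s+--\s+\((?P<service>[^)]*)\).*)?$"
)
POLICY_RE = re.compile(r"^O[67]\s+-\s+\S+:\s+(?P<name>\w+)\s*=\s*(?P<value>\S+)$")
START_PAGE_RE = re.compile(r"^IE\s+-\s+.*Main,Start Page\s*=\s*(?P<url>\S+)$")
WINLOGON_RE = re.compile(r"^O20(?::64bit:)?\s+-\s+HKLM Winlogon:\s+(?P<name>\w+)\s+-\s+\((?P<value>[^)]*)\)")

# Registry values that switch UAC off or weaken it (documented meanings of these values).
WEAK_POLICY = {
    ("EnableLUA", "0"): "UAC is disabled",
    ("ConsentPromptBehaviorAdmin", "0"): "administrators elevate with no prompt",
    ("PromptOnSecureDesktop", "0"): "elevation prompts are not on the secure desktop",
}
# This example's own assumptions: start pages not worth reporting, and user-writable path fragments.
KNOWN_GOOD_START_PAGES = {"about:blank", "http://go.microsoft.com/fwlink/?linkid=69157"}
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\temp\\")

@dataclass
class Entry:
    kind: str
    company: str
    path: str
    size: int
    service: str

def parse_entry(line: str) -> Optional[Entry]:
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None  # not a PRC/SRV/DRV/MOD line
    meta = [f.strip() for f in m["meta"].split("|")]  # date | size | attrs | M
    size = int(meta[1].replace(",", "")) if len(meta) > 1 else -1
    return Entry(m["kind"], m["company"].strip(), m["path"].strip(), size, (m["service"] or "").strip())

def check_entry(e: Entry) -> list:
    out, low = [], e.path.lower()
    if not e.company:  # OTL prints "()" when the file's version info names no company
        out.append(("no-company", f"{e.kind} {e.path}: no company name in version info"))
    if e.kind == "DRV" and "\\drivers\\" not in low:
        out.append(("driver-location", f"{e.path}: kernel driver outside a drivers directory"))
    if e.kind in ("PRC", "SRV") and any(t in low for t in USER_WRITABLE):
        out.append(("user-writable", f"{e.kind} {e.path}: runs from a user-writable location"))
    return out

def check_winlogon(name: str, value: str) -> Optional[str]:
    """Shell must be exactly Explorer.exe; every UserInit entry must be userinit.exe."""
    vals = [v.strip().lower() for v in value.split(",") if v.strip()]
    if name == "Shell" and vals != ["explorer.exe"]:
        return f"Winlogon Shell is '{value}' instead of Explorer.exe"
    if name == "UserInit" and not all(v.endswith("userinit.exe") for v in vals):
        return f"Winlogon UserInit is '{value}': extra entries run at every logon"
    return None

def triage(lines: Iterable[str]) -> list:
    """Return (tag, detail) findings for the OTL lines given, in log order."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if (e := parse_entry(line)):
            findings.extend(check_entry(e))
        elif (m := POLICY_RE.match(line)) and (m["name"], m["value"]) in WEAK_POLICY:
            findings.append(("uac", f"{m['name']} = {m['value']}: {WEAK_POLICY[(m['name'], m['value'])]}"))
        elif (m := START_PAGE_RE.match(line)) and m["url"].lower() not in KNOWN_GOOD_START_PAGES:
            findings.append(("start-page", f"IE start page points at {m['url']}"))
        elif (m := WINLOGON_RE.match(line)) and (msg := check_winlogon(m["name"], m["value"])):
            findings.append(("winlogon", msg))
        elif line.startswith("O4") and line.endswith("File not found"):
            findings.append(("dead-autostart", line))  # Run entry whose target is gone
        elif line.startswith(("O2", "O3", "O28")) and "No CLSID value found" in line:
            findings.append(("orphan-clsid", line))  # BHO/toolbar/hook left behind
    return findings

# Constructed sample: lines copied from the OTL log posted later in this thread.
SAMPLE_LOG = r"""
PRC - [2011/11/14 17:36:43 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Timothy\Desktop\OTL.exe
PRC - [2011/11/06 19:57:26 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
DRV - [2011/11/14 14:20:33 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV:64bit: - [2011/05/18 09:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
IE - HKU\S-1-5-21-1441474589-596432395-1113266856-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.speedbit.com
O2 - BHO: (no name) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - No CLSID value found.
O4 - HKU\S-1-5-21-1441474589-596432395-1113266856-1000..\Run: [Akamai NetSession Interface] C:\Users\Timothy\AppData\Local\Akamai\netsession_win.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
"""

if __name__ == "__main__":
    for tag, detail in triage(SAMPLE_LOG.splitlines()):
        print(f"[{tag:15}] {detail}")
```

Run it as-is to print the findings for the sample; for a real log, pass `open("OTL.Txt", encoding="utf-8", errors="replace")` to `triage`. Two things to keep in mind when reading its output: it flags OTL.exe itself because it runs from the Desktop, which is the kind of hit a helper vets by hand rather than acts on, and only O4 Run entries are treated as dead autostarts, since other lines in the same log (the O20 VMApplet entry, for instance) carry the words "File not found" and need separate judgement.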

#3 megaman186 (Topic Starter, Member, 23 posts)

Yes, I appear to have all the files and folders back, but I appear to be missing my Realtek thing on my taskbar; all I have is ATI Catalyst and ESET NOD32 (also the original Windows ones like speakers, network, Action Center).

Also, here are the logs as attachments:

OTL logfile created on: 11/14/2011 5:47:09 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Timothy\Desktop
64bit- Ultimate Edition Service Pack 3 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.04 Gb Available Physical Memory | 75.53% Memory free
11.90 Gb Paging File | 9.76 Gb Available in Paging File | 82.04% Paging File free
Paging file location(s): c:\pagefile.sys 4000 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 713.31 Gb Free Space | 76.58% Space Free | Partition Type: NTFS

Computer Name: TIMOTHY-PC | User Name: Timothy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/14 17:36:43 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Timothy\Desktop\OTL.exe
PRC - [2011/11/06 19:57:26 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/09/16 17:39:24 | 000,115,048 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2011/08/09 21:39:22 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2011/08/09 16:38:38 | 000,328,536 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe
PRC - [2011/06/06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/03/30 12:40:02 | 000,144,712 | ---- | M] (H+H Software GmbH) -- C:\Program Files (x86)\Virtual CD v10\System\VC10SecS.exe
PRC - [2011/03/21 12:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE
PRC - [2011/02/22 22:52:54 | 000,086,016 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
PRC - [2010/04/14 16:03:46 | 000,275,832 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files (x86)\AMD\Fusion Utility for Desktop\FusionUtility2Service.exe
PRC - [2010/04/14 16:03:46 | 000,140,160 | ---- | M] (Advanced Micro Devices) -- C:\Program Files (x86)\AMD\Reservation Manager\AMD Reservation Manager.exe
PRC - [2009/08/24 14:38:06 | 000,068,136 | ---- | M] () -- C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe
PRC - [2009/08/04 17:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009/08/04 17:29:52 | 000,346,320 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2009/03/12 18:39:54 | 000,086,016 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe


========== Modules (No Company Name) ==========

MOD - [2011/06/24 23:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 23:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/07/30 18:15:32 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/10/13 07:09:44 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/10/12 16:19:48 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/08/09 21:39:22 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2011/05/28 14:28:06 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011/02/22 22:52:54 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe -- (mi-raysat_3dsmax2012_64)
SRV:64bit: - [2009/07/14 12:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 12:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/03/12 18:39:54 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe -- (mi-raysat_3dsmax2010_64)
SRV - [2011/11/06 19:57:26 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/25 16:28:25 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/08/09 16:38:38 | 000,328,536 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2011/06/06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/05 10:28:00 | 004,004,328 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2011/03/30 12:40:02 | 000,144,712 | ---- | M] (H+H Software GmbH) [Auto | Running] -- C:\Program Files (x86)\Virtual CD v10\System\VC10SecS.exe -- (VC10SecS)
SRV - [2011/03/21 12:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2011/03/13 14:00:43 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/04/14 16:03:46 | 000,275,832 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files (x86)\AMD\Fusion Utility for Desktop\FusionUtility2Service.exe -- (AMD FusionUtility Service)
SRV - [2010/04/14 16:03:46 | 000,140,160 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Program Files (x86)\AMD\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/30 01:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/08/24 14:38:06 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)
SRV - [2009/08/04 17:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009/06/11 08:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/10/13 07:56:18 | 010,207,232 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/10/13 06:30:42 | 000,317,952 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/09/13 19:14:44 | 000,212,992 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/09/13 19:14:42 | 000,095,744 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/08/09 13:57:12 | 000,202,576 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2011/08/04 09:20:38 | 000,146,432 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2011/08/04 09:20:38 | 000,137,144 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2011/06/24 06:31:02 | 000,055,424 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2011/06/24 06:31:02 | 000,055,424 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- c:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.0)
DRV:64bit: - [2011/06/10 17:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/06/07 09:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/05/18 09:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2011/05/10 09:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/13 16:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/03/11 17:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 17:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/21 00:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/06/17 20:15:36 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/01/27 14:05:00 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/12/18 09:25:17 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009/08/10 08:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009/07/14 12:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 12:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 12:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 12:24:30 | 000,024,088 | ---- | M] (H+H Software GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HH10Help.sys -- (HH10Help.sys)
DRV:64bit: - [2009/06/11 07:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 07:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 07:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 07:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/29 16:28:30 | 000,030,208 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV:64bit: - [2009/03/18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/06/17 10:22:24 | 000,040,464 | ---- | M] (H+H Software GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vcd10bus.sys -- (vcd10bus)
DRV - [2011/11/14 14:20:33 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2011/11/06 23:39:08 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2011/07/17 21:24:48 | 000,021,712 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS -- (DrvAgent64)
DRV - [2011/06/26 14:42:00 | 000,011,376 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\SECDRV.SYS -- (SecDrv)
DRV - [2009/07/14 12:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/01/02 14:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1441474589-596432395-1113266856-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-1441474589-596432395-1113266856-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-1441474589-596432395-1113266856-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.speedbit.com
IE - HKU\S-1-5-21-1441474589-596432395-1113266856-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1441474589-596432395-1113266856-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 91 2A DC 6A 0F D6 CB 01 [binary data]
IE - HKU\S-1-5-21-1441474589-596432395-1113266856-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1441474589-596432395-1113266856-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.facebook....ome.php?ref=hp"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://au.search.yah...type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950&ilc=12"

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar: File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=4.0: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Timothy\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@web3d.com/Web 3D Player,version=2.0: C:\Program Files (x86)\Web 3D Player\npgamecore.dll (Helios Interactive)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2011/11/06 18:12:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/21 23:13:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/10/21 23:13:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\components [2011/11/12 18:37:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins [2011/08/24 10:31:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/11/06 18:12:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/21 23:13:41 | 000,000,000 | ---D | M]

[2011/07/11 20:47:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Timothy\AppData\Roaming\Mozilla\Extensions
[2011/10/21 23:44:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Timothy\AppData\Roaming\Mozilla\Firefox\Profiles\i6iwrqtm.default\extensions
[2011/10/21 23:44:26 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\Users\Timothy\AppData\Roaming\Mozilla\Firefox\Profiles\i6iwrqtm.default\extensions\avg@toolbar
[2011/11/04 19:24:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Timothy\AppData\Roaming\Mozilla\Firefox\Profiles\rs0ljvq8.default\extensions
[2011/10/21 23:44:26 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\Users\Timothy\AppData\Roaming\Mozilla\Firefox\Profiles\rs0ljvq8.default\extensions\avg@toolbar
[2011/10/21 23:15:14 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Timothy\AppData\Roaming\Mozilla\Firefox\Profiles\rs0ljvq8.default\extensions\[email protected]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Timothy\AppData\Local\Google\Chrome\Application\15.0.874.120\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Timothy\AppData\Local\Google\Chrome\Application\15.0.874.120\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Timothy\AppData\Local\Google\Chrome\Application\15.0.874.120\pdf.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins\npMozCouponPrinter.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: GameCore 2.0 Web Player (Enabled) = C:\Program Files (x86)\Web 3D Player\npgamecore.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Timothy\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/11/13 11:42:06 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {8dcb7100-df86-4384-8842-8fa844297b3f} - No CLSID value found.
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-1441474589-596432395-1113266856-1000..\Run: [Akamai NetSession Interface] C:\Users\Timothy\AppData\Local\Akamai\netsession_win.exe File not found
O4 - HKU\.DEFAULT..\RunOnce: [AOD] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe AutoTune File not found
O4 - HKU\S-1-5-18..\RunOnce: [AOD] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe AutoTune File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1441474589-596432395-1113266856-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1441474589-596432395-1113266856-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-1441474589-596432395-1113266856-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1441474589-596432395-1113266856-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Value error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield....er_1.0.53.2.cab (Battlefield Play4Free Updater)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 211.31.138.11 211.29.132.12 198.142.0.51
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A269E1C1-023D-425F-9EA4-AEB5FE7A2BD4}: DhcpNameServer = 211.31.138.11 211.29.132.12 198.142.0.51
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/10/22 19:17:10 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/11/14 17:36:36 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Timothy\Desktop\OTL.exe
[2011/11/13 11:42:04 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/11/13 10:49:56 | 000,000,000 | -HSD | C] -- C:\found.001
[2011/11/12 17:53:50 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
[2011/11/12 17:43:20 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2011/11/11 12:33:20 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Local\Skyrim
[2011/11/10 17:29:16 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Local\Akamai
[2011/11/09 13:32:34 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Local\OCCT
[2011/11/06 23:05:25 | 000,036,416 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\ET5Drv.sys
[2011/11/06 21:37:12 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Roaming\OpenOffice.org
[2011/11/06 21:36:22 | 000,000,000 | --SD | C] -- C:\Users\Timothy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.3
[2011/11/06 21:35:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2011/11/06 18:12:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2011/11/06 18:12:25 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2011/11/06 18:12:25 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/11/06 16:53:08 | 000,000,000 | ---D | C] -- C:\Users\Timothy\Desktop\Compile
[2011/11/06 14:17:16 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\cache
[2011/11/06 02:04:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/06 02:04:12 | 000,539,240 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2011/11/05 22:55:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/11/05 22:35:29 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\%LocalAppData%
[2011/11/05 15:33:32 | 000,000,000 | -HSD | C] -- C:\Users\Timothy\%APPDATA%
[2011/11/04 21:04:50 | 000,000,000 | ---D | C] -- C:\AVG2012
[2011/11/03 22:37:48 | 000,000,000 | -HSD | C] -- C:\Users\Timothy\Desktop\%APPDATA%
[2011/11/03 20:46:02 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2011/11/03 20:45:54 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2011/11/03 18:10:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UltraISO
[2011/11/03 17:51:44 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Local\Apps
[2011/11/01 21:59:26 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/11/01 21:58:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2011/11/01 21:58:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2011/11/01 21:58:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2011/11/01 21:58:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2011/11/01 21:57:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2011/11/01 21:57:03 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2011/11/01 21:56:34 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2011/10/27 01:02:05 | 000,000,000 | ---D | C] -- C:\Users\Timothy\Documents\Battlefield 3
[2011/10/27 00:43:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
[2011/10/23 13:34:54 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Roaming\New Technology Studio
[2011/10/23 00:08:58 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Roaming\BSD
[2011/10/23 00:08:55 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Local\APN
[2011/10/23 00:08:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BSD
[2011/10/23 00:08:46 | 001,666,048 | ---- | C] (Bootstrap Development, LLC.) -- C:\Windows\bsdsetup.dll
[2011/10/23 00:08:46 | 000,000,000 | ---D | C] -- C:\ProgramData\BSD
[2011/10/22 19:35:25 | 000,000,000 | ---D | C] -- C:\UDK
[2011/10/22 11:20:17 | 000,000,000 | ---D | C] -- C:\Users\Timothy\Documents\Rockstar Games
[2011/10/22 11:19:18 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Local\Rockstar Games
[2011/10/22 11:19:11 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2011/10/22 11:09:50 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2011/10/22 10:53:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rockstar Games
[2011/10/22 08:42:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
[2011/10/22 00:39:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/10/22 00:39:06 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/10/22 00:39:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/10/22 00:39:06 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/10/22 00:36:45 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/10/22 00:36:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/10/20 12:36:50 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Roaming\AVG2012
[2011/10/20 12:33:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Common Files
[2011/10/20 12:32:30 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2011/10/20 12:30:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2011/10/20 12:28:07 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/10/19 16:26:47 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Local\TSVNCache
[2011/10/18 19:31:57 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Roaming\TortoiseSVN
[2011/10/18 17:27:38 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Roaming\Subversion
[2011/10/18 17:26:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TortoiseSVN
[2011/10/18 17:26:05 | 000,000,000 | ---D | C] -- C:\Program Files\TortoiseSVN
[2011/10/18 17:26:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TortoiseOverlays
[2011/10/18 17:26:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\TortoiseOverlays
[2011/10/15 20:09:35 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD
[2011/10/15 20:08:36 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Local\Downloaded Installations
[2011/10/01 01:33:00 | 000,032,072 | ---- | C] (Microsoft Corporation) -- C:\Users\Timothy\AppData\Roaming\QBL1QGSRK2.exe

========== Files - Modified Within 30 Days ==========

[2011/11/14 17:45:01 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1441474589-596432395-1113266856-1000UA.job
[2011/11/14 17:36:43 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Timothy\Desktop\OTL.exe
[2011/11/14 14:25:37 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/14 14:25:37 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/14 14:20:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/13 16:00:05 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011/11/13 16:00:05 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/11/13 11:42:06 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/11/12 22:33:56 | 000,010,416 | ---- | M] () -- C:\bootsqm.dat
[2011/11/12 17:56:36 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/12 17:53:51 | 000,000,296 | ---- | M] () -- C:\ProgramData\~MIIJ15qarlBii8
[2011/11/12 17:53:51 | 000,000,232 | ---- | M] () -- C:\ProgramData\~MIIJ15qarlBii8r
[2011/11/12 17:53:45 | 000,000,336 | ---- | M] () -- C:\ProgramData\MIIJ15qarlBii8
[2011/11/12 17:52:13 | 000,792,614 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/12 17:52:13 | 000,669,048 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/12 17:52:13 | 000,125,234 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/12 11:47:19 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2011/11/10 19:06:46 | 000,000,132 | ---- | M] () -- C:\Users\Timothy\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/11/10 19:06:08 | 000,000,132 | ---- | M] () -- C:\Users\Timothy\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011/11/10 17:38:59 | 004,870,632 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/11/07 07:45:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1441474589-596432395-1113266856-1000Core.job
[2011/11/06 23:39:08 | 000,030,528 | ---- | M] () -- C:\Windows\GVTDrv64.sys
[2011/11/06 21:36:23 | 000,001,192 | ---- | M] () -- C:\Users\Timothy\Desktop\OpenOffice.org 3.3.lnk
[2011/11/06 19:57:26 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/11/06 18:11:06 | 000,007,597 | ---- | M] () -- C:\Users\Timothy\AppData\Local\Resmon.ResmonCfg
[2011/11/06 14:18:44 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/11/05 22:33:17 | 000,809,708 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/25 21:29:47 | 000,000,023 | ---- | M] () -- C:\Windows\BlendSettings.ini
[2011/10/24 15:25:54 | 000,000,032 | ---- | M] () -- C:\Windows\CD_Start.INI
[2011/10/22 11:16:26 | 000,000,898 | ---- | M] () -- C:\Users\Timothy\Desktop\Downloads.lnk
[2011/10/22 11:09:50 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2011/10/19 22:14:52 | 000,059,904 | ---- | M] () -- C:\Windows\SysWow64\OVDecode.dll

========== Files Created - No Company Name ==========

[2011/11/12 22:33:56 | 000,010,416 | ---- | C] () -- C:\bootsqm.dat
[2011/11/12 18:44:11 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\Vegas Pro 10.0.lnk
[2011/11/12 18:44:00 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/11/12 18:44:00 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/11/12 18:44:00 | 000,001,559 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
[2011/11/12 18:44:00 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/11/12 18:44:00 | 000,001,389 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.lnk
[2011/11/12 18:44:00 | 000,001,382 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2011/11/12 18:44:00 | 000,001,380 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Default Manager.lnk
[2011/11/12 18:44:00 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011/11/12 18:44:00 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011/11/12 18:44:00 | 000,001,313 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2011/11/12 18:44:00 | 000,001,282 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk
[2011/11/12 18:44:00 | 000,001,248 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5 (64 Bit).lnk
[2011/11/12 18:44:00 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2011/11/12 18:44:00 | 000,001,242 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox 4.0 Beta 12.lnk
[2011/11/12 18:44:00 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2011/11/12 18:44:00 | 000,001,177 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.lnk
[2011/11/12 18:44:00 | 000,001,001 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2011/11/12 17:56:36 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/12 17:53:51 | 000,000,296 | ---- | C] () -- C:\ProgramData\~MIIJ15qarlBii8
[2011/11/12 17:53:51 | 000,000,232 | ---- | C] () -- C:\ProgramData\~MIIJ15qarlBii8r
[2011/11/12 17:53:45 | 000,000,336 | ---- | C] () -- C:\ProgramData\MIIJ15qarlBii8
[2011/11/10 19:06:46 | 000,000,132 | ---- | C] () -- C:\Users\Timothy\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/11/10 19:06:08 | 000,000,132 | ---- | C] () -- C:\Users\Timothy\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011/11/06 23:05:35 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2011/11/06 21:36:23 | 000,001,192 | ---- | C] () -- C:\Users\Timothy\Desktop\OpenOffice.org 3.3.lnk
[2011/11/06 02:04:12 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll
[2011/11/02 00:38:58 | 000,007,597 | ---- | C] () -- C:\Users\Timothy\AppData\Local\Resmon.ResmonCfg
[2011/10/26 13:06:11 | 002,580,552 | R--- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/10/24 15:41:15 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2011/10/24 15:25:54 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2011/10/22 11:16:26 | 000,000,898 | ---- | C] () -- C:\Users\Timothy\Desktop\Downloads.lnk
[2011/10/19 22:14:52 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/10/06 22:30:48 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011/10/03 23:37:13 | 000,000,099 | ---- | C] () -- C:\Users\Timothy\AppData\Roaming\RSBuddy_sikorsky14.ini
[2011/10/01 01:33:31 | 000,074,633 | ---- | C] () -- C:\Users\Timothy\AppData\Roaming\Keylogger
[2011/08/29 14:27:57 | 000,000,058 | ---- | C] () -- C:\Windows\nfsc_patch.ini
[2011/07/19 00:28:19 | 000,122,932 | ---- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/07/17 18:48:40 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/07/10 16:40:24 | 000,000,095 | ---- | C] () -- C:\Users\Timothy\AppData\Local\fusioncache.dat
[2011/06/30 23:45:02 | 000,109,216 | ---- | C] () -- C:\Windows\SysWow64\EasyHook64.dll
[2011/06/30 15:09:23 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/06/30 15:09:23 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/06/26 14:42:01 | 000,011,376 | ---- | C] () -- C:\Windows\SysWow64\drivers\SECDRV.SYS
[2011/06/18 23:55:43 | 000,208,103 | ---- | C] () -- C:\Windows\hpoins47.dat
[2011/05/07 00:02:32 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2011/04/30 19:32:44 | 000,000,016 | R--- | C] () -- C:\Users\Timothy\AppData\Local\D28F2E04.ini
[2011/03/26 22:48:02 | 000,084,480 | ---- | C] () -- C:\Windows\SysWow64\EasyHook32.dll
[2011/03/26 21:45:03 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2011/03/22 15:54:17 | 000,000,090 | -HS- | C] () -- C:\Windows\cnerolf.bin
[2011/03/18 04:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/03/04 21:39:15 | 000,809,708 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/03/04 21:33:15 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/03/04 21:33:15 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/02/27 10:18:12 | 000,000,108 | ---- | C] () -- C:\Windows\VSWizard.ini
[2011/02/27 10:03:11 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2010/04/01 10:39:01 | 000,000,574 | ---- | C] () -- C:\Windows\hpomdl47.dat
[2009/09/16 19:27:58 | 000,508,224 | ---- | C] () -- C:\Windows\SysWow64\ICCProfiles.dll
[2009/08/27 18:04:12 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe
[2009/07/14 16:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 13:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 13:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 11:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 10:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 08:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/11 08:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/04/29 08:09:42 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\IObit
[2011/08/18 18:29:46 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Virtual CD v10
[2011/04/29 08:09:42 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\IObit
[2011/04/29 08:09:42 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\IObit
[2011/10/21 23:15:05 | 000,000,000 | ---D | M] -- C:\Users\Timothy\AppData\Roaming\.minecraft
[2011/10/21 23:15:06 | 000,000,000 | ---D | M] -- C:\Users\Timothy\AppData\Roaming\ArmA II Launcher
[2011/07/07 22:52:18 | 000,000,000 | ---D | M] -- C:\Users\Timothy\AppData\Roaming\Autodesk
[2011/10/20 12:36:50 | 000,000,000 | ---D | M] -- C:\Users\Timothy\AppData\Roaming\AVG2012
[2011/10/23 00:08:58 | 000,000,000 | ---D | M] -- C:\Users\Timothy\AppData\Roaming\BSD
[2011/10/21 23:15:06 | 000,000,000 | ---D | M] -- C:\Users\Timothy\AppData\Roaming\EZCA
[2011/10/21 23:15:06 | 000,000,000 | ---D | M] -- C:\Users\Timothy\AppData\Roaming\IObit
[2011/08/31 16:22:47 | 000,000,000 | ---D | M] -- C:\Users\Timothy\AppData\Roaming\Leadertech
[2011/08/26 16:21:17 | 000,000,000 | ---D | M] -- C:\Users\Timothy\AppData\Roaming\Need for Speed World
[2011/10/23 13:34:54 | 000,000,000 | ---D | M] -- C:\Users\Timothy\AppData\Roaming\New Technology Studio
[2011/11/06 21:37:12 | 000,000,000 | ---D | M] -- C:\Users\Timothy\AppData\Roaming\OpenOffice.org
[2011/10/27 00:07:12 | 000,000,000 | ---D | M] -- C:\Users\Timothy\AppData\Roaming\Origin
[2011/08/13 01:34:16 | 000,000,000 | ---D | M] -- C:\Users\Timothy\AppData\Roaming\PFStaticIP
[2011/09/05 20:48:48 | 000,000,000 | ---D | M] -- C:\Users\Timothy\AppData\Roaming\PRAA
[2011/07/30 19:12:28 | 000,000,000 | ---D | M] -- C:\Users\Timothy\AppData\Roaming\Publish Providers
[2011/07/17 00:30:50 | 000,000,000 | ---D | M] -- C:\Users\Timothy\AppData\Roaming\RadarSync
[2011/10/21 23:15:14 | 000,000,000 | ---D | M] -- C:\Users\Timothy\AppData\Roaming\Sony
[2011/10/18 17:27:38 | 000,000,000 | ---D | M] -- C:\Users\Timothy\AppData\Roaming\Subversion
[2011/11/07 07:36:03 | 000,000,000 | ---D | M] -- C:\Users\Timothy\AppData\Roaming\uTorrent
[2011/10/21 23:15:14 | 000,000,000 | --SD | M] -- C:\Users\Timothy\AppData\Roaming\Virtual CD v10
[2011/04/29 08:09:42 | 000,000,000 | ---D | M] -- C:\Users\Timothy.Timothy-PC\AppData\Roaming\IObit
[2011/08/18 18:20:20 | 000,000,000 | ---D | M] -- C:\Users\Timothy.Timothy-PC\AppData\Roaming\Virtual CD v10
[2011/11/06 17:53:43 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2011/02/26 16:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 17:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 17:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 17:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 23:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 16:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 16:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/21 00:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\ERDNT\cache86\explorer.exe
[2010/11/21 00:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 12:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe
[2009/07/14 12:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 12:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/14 12:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe
[2009/07/14 12:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 12:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 23:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
[2010/11/20 23:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 23:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/21 00:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
[2010/11/21 00:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/21 00:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/21 00:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010/11/21 00:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/21 00:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:2B11E0DF
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:CE2C623F
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:553CA6CA
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:471C4A2D

< End of report >

Attached Files

  • Attached File  OTL.Txt   112.46KB   115 downloads
  • Attached File  Extras.Txt   55.77KB   139 downloads

  • 0

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
On completion of this run, can you let me know how the computer is behaving?


Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (no name) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {8dcb7100-df86-4384-8842-8fa844297b3f} - No CLSID value found.
    [2011/11/12 17:53:50 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
    [2011/10/01 01:33:00 | 000,032,072 | ---- | C] (Microsoft Corporation) -- C:\Users\Timothy\AppData\Roaming\QBL1QGSRK2.exe
    [2011/11/12 17:53:51 | 000,000,296 | ---- | M] () -- C:\ProgramData\~MIIJ15qarlBii8
    [2011/11/12 17:53:51 | 000,000,232 | ---- | M] () -- C:\ProgramData\~MIIJ15qarlBii8r
    [2011/11/12 17:53:45 | 000,000,336 | ---- | M] () -- C:\ProgramData\MIIJ15qarlBii8

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Try this to restore the default icons:
Click the little up arrow at the bottom right and select Customise.

Then in the drop-down select how you want these icons displayed.

  • 0
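The fix above is built by reading entries of the form `[timestamp | size | attrs | C/M] (company) -- path` out of the OTL log. The following triage helper is an added illustration, not part of OTL or of this thread's posts: it parses lines in that format and flags the kinds of entries the fix targets (an executable dropped straight into AppData\Roaming, a file claiming a Microsoft vendor string outside the system directories, tilde-prefixed files in ProgramData, literal `%APPDATA%` folders, and a "System Restore" Start Menu group). The heuristic names are my own, the sample lines are assembled from paths quoted in this thread, and the company field OTL prints is the file's version-resource string, not a signature check.

```python
import ntpath
import re
from dataclasses import dataclass, field

# Constructed sample: entry lines in the OTL report format used in this thread,
# with paths taken from the log above. Not a real OTL run.
SAMPLE_LOG = r"""
[2011/11/14 17:36:36 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Timothy\Desktop\OTL.exe
[2011/11/12 17:53:50 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
[2011/11/05 15:33:32 | 000,000,000 | -HSD | C] -- C:\Users\Timothy\%APPDATA%
[2011/10/01 01:33:00 | 000,032,072 | ---- | C] (Microsoft Corporation) -- C:\Users\Timothy\AppData\Roaming\QBL1QGSRK2.exe
[2011/11/12 17:53:51 | 000,000,296 | ---- | M] () -- C:\ProgramData\~MIIJ15qarlBii8
[2011/11/06 02:04:12 | 000,539,240 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
"""

# One OTL entry: [timestamp | size | attrs | C-or-M] (company) -- path
# The "(company)" group is absent for directories and reads "()" for files
# whose version resource carries no CompanyName.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attrs>[-A-Z]{4})\s*\|\s*"
    r"(?P<kind>[CM])\]\s*(?:\((?P<company>[^)]*)\)\s*)?--\s*(?P<path>.+?)\s*$"
)

# Locations where a Microsoft vendor string is expected (heuristic, my own list).
SYSTEM_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


@dataclass
class Entry:
    timestamp: str
    size: int
    attrs: str
    kind: str        # C = created-within-window, M = modified-within-window
    company: str     # version-resource CompanyName as OTL prints it; not a signature
    path: str
    reasons: list = field(default_factory=list)

    @property
    def is_dir(self):
        return "D" in self.attrs


def parse_entry(line):
    """Return an Entry for one OTL entry line, or None for headers/blank lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(
        timestamp=m["ts"].strip(),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=(m["company"] or "").strip(),
        path=m["path"],
    )


def triage(entry):
    """Attach heuristic reasons to an entry; an empty list means nothing stood out."""
    low = entry.path.lower()
    parent = ntpath.dirname(low)
    name = ntpath.basename(low)
    # A literal folder named like an unexpanded environment variable.
    if re.fullmatch(r"%[a-z]+%", name):
        entry.reasons.append("literal_env_var_dir")
    # An executable sitting directly in AppData\Roaming, not in a vendor subfolder.
    if parent.endswith("\\appdata\\roaming") and name.endswith((".exe", ".dll", ".scr")):
        entry.reasons.append("exe_in_roaming_root")
    # Vendor string claims Microsoft but the file lives outside the system/program dirs.
    if "microsoft" in entry.company.lower() and not low.startswith(SYSTEM_PREFIXES):
        entry.reasons.append("vendor_claim_outside_system_dirs")
    # Tilde-prefixed files dropped straight into C:\ProgramData.
    if parent == "c:\\programdata" and name.startswith("~"):
        entry.reasons.append("tilde_file_in_programdata")
    # A Start Menu program group named "System Restore" (the rogue in this thread made one).
    if entry.is_dir and name == "system restore" and "\\start menu\\programs" in parent:
        entry.reasons.append("system_restore_start_menu_group")
    return entry


def triage_log(text):
    """Parse every entry line in an OTL section and run the heuristics over it."""
    entries = (parse_entry(line) for line in text.splitlines())
    return [triage(e) for e in entries if e is not None]


def flagged(text):
    """Map each flagged path to its reasons; unflagged entries are omitted."""
    return {e.path: e.reasons for e in triage_log(text) if e.reasons}


if __name__ == "__main__":
    for path, reasons in flagged(SAMPLE_LOG).items():
        print(f"{path}\n    {', '.join(reasons)}")
```

Entries such as OTL.exe on the Desktop and the Realtek driver under SysNative pass through with no reasons, so the flagged list is a starting point for a human review, not a verdict.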

#5
megaman186

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
My computer appears to be behaving fine, although I don't have that arrow in the bottom right corner like I used to. But I right-clicked on the taskbar, clicked Properties and then clicked Customize Notifications, which brought up the same thing, but I couldn't find the Realtek thing.

Here is the log you requested:

OTL logfile created on: 11/15/2011 4:39:48 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Timothy\Desktop
64bit- Ultimate Edition Service Pack 3 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.44 Gb Available Physical Memory | 80.54% Memory free
11.90 Gb Paging File | 10.11 Gb Available in Paging File | 84.94% Paging File free
Paging file location(s): c:\pagefile.sys 4000 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 712.37 Gb Free Space | 76.48% Space Free | Partition Type: NTFS

Computer Name: TIMOTHY-PC | User Name: Timothy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/15 16:23:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Timothy\Desktop\OTL.exe
PRC - [2011/11/06 19:57:26 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/09/16 17:39:24 | 000,115,048 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2011/08/09 21:39:22 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2011/08/09 16:38:38 | 000,328,536 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe
PRC - [2011/06/06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/03/30 12:40:02 | 000,144,712 | ---- | M] (H+H Software GmbH) -- C:\Program Files (x86)\Virtual CD v10\System\VC10SecS.exe
PRC - [2011/03/21 12:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE
PRC - [2011/02/22 22:52:54 | 000,086,016 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
PRC - [2010/04/14 16:03:46 | 000,275,832 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files (x86)\AMD\Fusion Utility for Desktop\FusionUtility2Service.exe
PRC - [2010/04/14 16:03:46 | 000,140,160 | ---- | M] (Advanced Micro Devices) -- C:\Program Files (x86)\AMD\Reservation Manager\AMD Reservation Manager.exe
PRC - [2009/08/24 14:38:06 | 000,068,136 | ---- | M] () -- C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe
PRC - [2009/08/04 17:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009/08/04 17:29:52 | 000,346,320 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2009/03/12 18:39:54 | 000,086,016 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe


========== Modules (No Company Name) ==========

MOD - [2011/06/24 23:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 23:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/07/30 18:15:32 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/10/13 07:09:44 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/10/12 16:19:48 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/08/09 21:39:22 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2011/05/28 14:28:06 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011/02/22 22:52:54 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe -- (mi-raysat_3dsmax2012_64)
SRV:64bit: - [2009/07/14 12:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 12:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/03/12 18:39:54 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe -- (mi-raysat_3dsmax2010_64)
SRV - [2011/11/06 19:57:26 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/25 16:28:25 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/08/09 16:38:38 | 000,328,536 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2011/06/06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/05 10:28:00 | 004,004,328 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2011/03/30 12:40:02 | 000,144,712 | ---- | M] (H+H Software GmbH) [Auto | Running] -- C:\Program Files (x86)\Virtual CD v10\System\VC10SecS.exe -- (VC10SecS)
SRV - [2011/03/21 12:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2011/03/13 14:00:43 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/04/14 16:03:46 | 000,275,832 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files (x86)\AMD\Fusion Utility for Desktop\FusionUtility2Service.exe -- (AMD FusionUtility Service)
SRV - [2010/04/14 16:03:46 | 000,140,160 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Program Files (x86)\AMD\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/30 01:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/08/24 14:38:06 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)
SRV - [2009/08/04 17:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009/06/11 08:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/10/13 07:56:18 | 010,207,232 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/10/13 06:30:42 | 000,317,952 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/09/13 19:14:44 | 000,212,992 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/09/13 19:14:42 | 000,095,744 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/08/09 13:57:12 | 000,202,576 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2011/08/04 09:20:38 | 000,146,432 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2011/08/04 09:20:38 | 000,137,144 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2011/06/24 06:31:02 | 000,055,424 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2011/06/24 06:31:02 | 000,055,424 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- c:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.0)
DRV:64bit: - [2011/06/10 17:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/06/07 09:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/05/18 09:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2011/05/10 09:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/13 16:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/03/11 17:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 17:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/21 00:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/06/17 20:15:36 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/01/27 14:05:00 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/12/18 09:25:17 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009/08/10 08:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009/07/14 12:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 12:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 12:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 12:24:30 | 000,024,088 | ---- | M] (H+H Software GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HH10Help.sys -- (HH10Help.sys)
DRV:64bit: - [2009/06/11 07:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 07:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 07:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 07:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/29 16:28:30 | 000,030,208 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV:64bit: - [2009/03/18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/06/17 10:22:24 | 000,040,464 | ---- | M] (H+H Software GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vcd10bus.sys -- (vcd10bus)
DRV - [2011/11/15 16:37:20 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2011/11/06 23:39:08 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2011/07/17 21:24:48 | 000,021,712 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS -- (DrvAgent64)
DRV - [2011/06/26 14:42:00 | 000,011,376 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\SECDRV.SYS -- (SecDrv)
DRV - [2009/07/14 12:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/01/02 14:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.speedbit.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 91 2A DC 6A 0F D6 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.facebook....ome.php?ref=hp"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://au.search.yah...type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950&ilc=12"

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar: File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=4.0: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@web3d.com/Web 3D Player,version=2.0: C:\Program Files (x86)\Web 3D Player\npgamecore.dll (Helios Interactive)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2011/11/06 18:12:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/21 23:13:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/10/21 23:13:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\components [2011/11/12 18:37:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins [2011/08/24 10:31:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/11/06 18:12:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/21 23:13:41 | 000,000,000 | ---D | M]

[2011/07/11 20:47:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Timothy\AppData\Roaming\Mozilla\Extensions
[2011/10/21 23:44:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Timothy\AppData\Roaming\Mozilla\Firefox\Profiles\i6iwrqtm.default\extensions
[2011/10/21 23:44:26 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\Users\Timothy\AppData\Roaming\Mozilla\Firefox\Profiles\i6iwrqtm.default\extensions\avg@toolbar
[2011/11/04 19:24:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Timothy\AppData\Roaming\Mozilla\Firefox\Profiles\rs0ljvq8.default\extensions
[2011/10/21 23:44:26 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\Users\Timothy\AppData\Roaming\Mozilla\Firefox\Profiles\rs0ljvq8.default\extensions\avg@toolbar
[2011/10/21 23:15:14 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Timothy\AppData\Roaming\Mozilla\Firefox\Profiles\rs0ljvq8.default\extensions\[email protected]

O1 HOSTS File: ([2011/11/15 16:25:22 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Value error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield....er_1.0.53.2.cab (Battlefield Play4Free Updater)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 211.31.138.11 211.29.132.12 198.142.0.51
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A269E1C1-023D-425F-9EA4-AEB5FE7A2BD4}: DhcpNameServer = 211.31.138.11 211.29.132.12 198.142.0.51
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/10/22 19:17:10 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/15 16:25:20 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/15 16:23:30 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Timothy\Desktop\OTL.exe
[2011/11/14 20:06:12 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2011/11/13 11:42:04 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/11/13 10:49:56 | 000,000,000 | -HSD | C] -- C:\found.001
[2011/11/12 17:43:20 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2011/11/11 12:33:20 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Local\Skyrim
[2011/11/10 17:29:16 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Local\Akamai
[2011/11/09 13:32:34 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Local\OCCT
[2011/11/06 23:05:25 | 000,036,416 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\ET5Drv.sys
[2011/11/06 21:37:12 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Roaming\OpenOffice.org
[2011/11/06 21:36:22 | 000,000,000 | --SD | C] -- C:\Users\Timothy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.3
[2011/11/06 21:35:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2011/11/06 18:12:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2011/11/06 18:12:25 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2011/11/06 18:12:25 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/11/06 16:53:08 | 000,000,000 | ---D | C] -- C:\Users\Timothy\Desktop\Compile
[2011/11/06 14:17:16 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\cache
[2011/11/06 02:04:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/06 02:04:12 | 000,539,240 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2011/11/05 22:55:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/11/05 22:35:29 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\%LocalAppData%
[2011/11/05 15:33:32 | 000,000,000 | -HSD | C] -- C:\Users\Timothy\%APPDATA%
[2011/11/04 21:04:50 | 000,000,000 | ---D | C] -- C:\AVG2012
[2011/11/03 22:37:48 | 000,000,000 | -HSD | C] -- C:\Users\Timothy\Desktop\%APPDATA%
[2011/11/03 20:46:02 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2011/11/03 20:45:54 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2011/11/03 18:10:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UltraISO
[2011/11/03 17:51:44 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Local\Apps
[2011/11/01 21:59:26 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/11/01 21:58:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2011/11/01 21:58:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2011/11/01 21:58:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2011/11/01 21:58:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2011/11/01 21:57:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2011/11/01 21:57:03 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2011/11/01 21:56:34 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2011/10/27 01:02:05 | 000,000,000 | ---D | C] -- C:\Users\Timothy\Documents\Battlefield 3
[2011/10/27 00:43:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
[2011/10/23 13:34:54 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Roaming\New Technology Studio
[2011/10/23 00:08:58 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Roaming\BSD
[2011/10/23 00:08:55 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Local\APN
[2011/10/23 00:08:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BSD
[2011/10/23 00:08:46 | 001,666,048 | ---- | C] (Bootstrap Development, LLC.) -- C:\Windows\bsdsetup.dll
[2011/10/23 00:08:46 | 000,000,000 | ---D | C] -- C:\ProgramData\BSD
[2011/10/22 19:35:25 | 000,000,000 | ---D | C] -- C:\UDK
[2011/10/22 11:20:17 | 000,000,000 | ---D | C] -- C:\Users\Timothy\Documents\Rockstar Games
[2011/10/22 11:19:18 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Local\Rockstar Games
[2011/10/22 11:19:11 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2011/10/22 11:09:50 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2011/10/22 10:53:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rockstar Games
[2011/10/22 08:42:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
[2011/10/22 00:39:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/10/22 00:39:06 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/10/22 00:39:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/10/22 00:39:06 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/10/22 00:36:45 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/10/22 00:36:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/10/20 12:36:50 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Roaming\AVG2012
[2011/10/20 12:33:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Common Files
[2011/10/20 12:32:30 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2011/10/20 12:30:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2011/10/20 12:28:07 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/10/19 16:26:47 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Local\TSVNCache
[2011/10/18 19:31:57 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Roaming\TortoiseSVN
[2011/10/18 17:27:38 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Roaming\Subversion
[2011/10/18 17:26:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TortoiseSVN
[2011/10/18 17:26:05 | 000,000,000 | ---D | C] -- C:\Program Files\TortoiseSVN
[2011/10/18 17:26:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TortoiseOverlays
[2011/10/18 17:26:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\TortoiseOverlays

========== Files - Modified Within 30 Days ==========

[2011/11/15 16:42:24 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/15 16:42:24 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/15 16:36:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/15 16:25:22 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/11/15 16:23:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Timothy\Desktop\OTL.exe
[2011/11/14 23:06:13 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011/11/14 23:06:13 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/11/14 23:04:26 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2011/11/12 17:56:36 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/12 17:52:13 | 000,792,614 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/12 17:52:13 | 000,669,048 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
  • 0

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Open Control Panel and select the Realtek manager
Click the i in the bottom right
Then select show icon


Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :)

A good workman always cleans up after himself, so the following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done


Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones
  • Go Start > All programs > Accessories > system tools
  • Right click Disk Cleanup and select run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and antivirus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

Keep safe :yes:
  • 0

#7
megaman186

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Thank you. So far, however, I think I still have that Google redirector, annoyingly, as I tried clicking a link for AMD.com on Google and it kept going to some 130.com site or something and then redirecting somewhere else.

Edited by megaman186, 16 November 2011 - 06:00 AM.

  • 0

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I thought that was cleared. OK, let's look a tad deeper.

Download aswMBR.exe (1.8 MB) to your desktop.
Double-click aswMBR.exe to run it, then click the "Scan" button to start the scan.

On completion of the scan click Save log, save it to your desktop and post it in your next reply.
  • 0

#9
megaman186

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Here is the log, well, the first one (I ran 2 because the first scan didn't seem right to me):

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-17 16:18:39
-----------------------------
16:18:39.184 OS Version: Windows x64 6.1.7601 Service Pack 3
16:18:39.184 Number of processors: 4 586 0x403
16:18:39.184 ComputerName: TIMOTHY-PC UserName: Timothy
16:18:43.696 Initialze error C000010E - driver not loaded
16:20:21.210 AVAST engine defs: 11111601
16:20:45.449 Service scanning
16:20:53.944 Modules scanning
16:20:53.946 Disk 0 trace - called modules:
16:20:53.947
16:20:56.567 AVAST engine scan C:\Windows
16:21:02.473 AVAST engine scan C:\Windows\system32
16:23:07.881 AVAST engine scan C:\Windows\system32\drivers
16:23:24.034 AVAST engine scan C:\Users\Timothy
16:30:59.003 AVAST engine scan C:\ProgramData
16:35:05.000 Scan finished successfully
16:36:19.069 The log file has been saved successfully to "C:\Users\Timothy\Desktop\aswMBR.txt"

And now the second scan:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-17 16:38:17
-----------------------------
16:38:17.536 OS Version: Windows x64 6.1.7601 Service Pack 3
16:38:17.536 Number of processors: 4 586 0x403
16:38:17.536 ComputerName: TIMOTHY-PC UserName: Timothy
16:38:23.670 Initialize success
16:38:26.368 AVAST engine defs: 11111601
16:38:36.387 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:38:36.387 Disk 0 Vendor: ST31000524AS JC45 Size: 953869MB BusType: 3
16:38:36.418 Disk 0 MBR read successfully
16:38:36.418 Disk 0 MBR scan
16:38:36.418 Disk 0 Windows 7 default MBR code
16:38:36.418 Disk 0 MBR hidden
16:38:36.418 Service scanning
16:38:37.978 Modules scanning
16:38:37.978 Disk 0 trace - called modules:
16:38:37.978 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8007aad334]<<
16:38:37.978 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80079d5060]
16:38:37.978 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa8007537940]
16:38:37.978 5 ACPI.sys[fffff88000eed7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80077e1060]
16:38:37.978 \Driver\atapi[0xfffffa8006ac7060] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8007aad334
16:38:44.171 AVAST engine scan C:\Windows
16:38:47.322 AVAST engine scan C:\Windows\system32
16:40:41.239 AVAST engine scan C:\Windows\system32\drivers
16:40:56.838 AVAST engine scan C:\Users\Timothy
16:46:25.316 AVAST engine scan C:\ProgramData
16:49:14.018 Scan finished successfully
16:49:52.523 Disk 0 MBR has been saved successfully to "C:\Users\Timothy\Desktop\MBR.dat"
16:49:52.526 The log file has been saved successfully to "C:\Users\Timothy\Desktop\aswMBR.txt"

Edited by megaman186, 16 November 2011 - 11:51 PM.

  • 0
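Triage of the two aswMBR logs above, as an added example that is not code from the thread, from AVAST or from any of the tools used here. It parses the lines aswMBR prints and flags what a helper checks first: the first run never loaded its driver (so its "finished successfully" proves nothing), and the second reports the MBR hidden and a disk I/O trace ending at an address outside every loaded module. The two sample logs are constructed from the lines posted above.

```python
"""Triage helper for aswMBR log output.

Added example for this thread; it is not part of aswMBR, OTL or TDSSKiller
and is not code posted by anyone in the thread. It parses the lines aswMBR
prints and pulls out what a helper checks first: whether the driver loaded at
all (the first run above did not, so its clean result says nothing), whether
the MBR is reported hidden, and whether the disk I/O trace ends at an address
aswMBR could not attribute to any loaded module.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample: the relevant lines of the second log posted above.
SECOND_RUN = r"""16:38:23.670 Initialize success
16:38:36.418 Disk 0 MBR read successfully
16:38:36.418 Disk 0 Windows 7 default MBR code
16:38:36.418 Disk 0 MBR hidden
16:38:37.978 Disk 0 trace - called modules:
16:38:37.978 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8007aad334]<<
16:38:37.978 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80079d5060]
16:38:37.978 \Driver\atapi[0xfffffa8006ac7060] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8007aad334
16:49:14.018 Scan finished successfully
"""

# Constructed sample: the lines that mattered in the first log (driver never loaded).
FIRST_RUN = r"""16:18:43.696 Initialze error C000010E - driver not loaded
16:35:05.000 Scan finished successfully
"""

TS = r"^\d{2}:\d{2}:\d{2}\.\d+\s+"
RE_INIT_OK = re.compile(TS + r"Initialize success$")
RE_INIT_ERR = re.compile(TS + r"Initial\w* error (\S+)")  # aswMBR spells it "Initialze"
RE_MBR_CODE = re.compile(TS + r"Disk (\d+) (.+?) MBR code$")
RE_MBR_HIDDEN = re.compile(TS + r"Disk (\d+) MBR hidden$")
RE_UNKNOWN = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
# "\Driver\atapi[0x...] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x...": which
# dispatch routine of which driver the trace ended in, and where it points.
RE_DISPATCH = re.compile(TS + r"(\\Driver\\\S+?)\[0x[0-9a-fA-F]+\] -> (IRP_\w+) -> (0x[0-9a-fA-F]+)$")


@dataclass
class AswMbrTriage:
    initialized: bool = False
    init_error: Optional[str] = None
    mbr_code: Dict[int, str] = field(default_factory=dict)    # disk -> MBR code description
    mbr_hidden: List[int] = field(default_factory=list)       # disks whose MBR aswMBR calls hidden
    unknown_modules: List[str] = field(default_factory=list)  # addresses outside every loaded module
    dispatch: List[Tuple[str, str, str]] = field(default_factory=list)  # (driver, IRP, handler)


def parse_aswmbr(text: str) -> AswMbrTriage:
    """Walk the log once and collect the fields the findings depend on."""
    t = AswMbrTriage()
    for raw in text.splitlines():
        line = raw.rstrip()
        if RE_INIT_OK.match(line):
            t.initialized = True
        elif (m := RE_INIT_ERR.match(line)):
            t.init_error = m.group(1)
        elif (m := RE_MBR_CODE.match(line)):
            t.mbr_code[int(m.group(1))] = m.group(2)
        elif (m := RE_MBR_HIDDEN.match(line)):
            t.mbr_hidden.append(int(m.group(1)))
        elif (m := RE_DISPATCH.match(line)):
            t.dispatch.append((m.group(1), m.group(2), m.group(3).lower()))
        for m in RE_UNKNOWN.finditer(line):
            addr = m.group(1).lower()
            if addr not in t.unknown_modules:
                t.unknown_modules.append(addr)
    return t


def findings(t: AswMbrTriage) -> List[str]:
    """Reasons this log needs a closer look; an empty list means nothing stood out."""
    out: List[str] = []
    if not t.initialized:
        # Without its driver aswMBR never read the MBR or walked the disk stack,
        # so "Scan finished successfully" is not evidence of a clean machine.
        out.append("driver not loaded (%s): MBR and disk stack were not inspected, rerun aswMBR"
                   % (t.init_error or "no status"))
        return out
    for disk in t.mbr_hidden:
        out.append("disk %d: MBR reported hidden" % disk)
    for addr in t.unknown_modules:
        out.append("disk I/O trace ends in code outside every loaded module at %s" % addr)
    for driver, irp, handler in t.dispatch:
        if handler in t.unknown_modules:
            out.append("%s %s handler points at that unattributed code (%s)" % (driver, irp, handler))
    return out


def needs_followup(t: AswMbrTriage) -> bool:
    """True when a dedicated rootkit scanner should be run next, as the thread goes on to do."""
    return bool(findings(t))


if __name__ == "__main__":
    for name, text in (("first run", FIRST_RUN), ("second run", SECOND_RUN)):
        t = parse_aswmbr(text)
        print(name, "->", "follow up" if needs_followup(t) else "nothing flagged")
        for f in findings(t):
            print("   ", f)
```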

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, that is an intriguing result.

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
  • 0


#11
megaman186

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
It found nothing :/

17:58:09.0049 4100 MRxDAV - ok
17:58:09.0108 4100 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:58:09.0140 4100 mrxsmb - ok
17:58:09.0173 4100 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:58:09.0182 4100 mrxsmb10 - ok
17:58:09.0206 4100 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:58:09.0213 4100 mrxsmb20 - ok
17:58:09.0265 4100 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
17:58:09.0280 4100 msahci - ok
17:58:09.0321 4100 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
17:58:09.0338 4100 msdsm - ok
17:58:09.0377 4100 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
17:58:09.0398 4100 Msfs - ok
17:58:09.0416 4100 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
17:58:09.0438 4100 mshidkmdf - ok
17:58:09.0467 4100 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
17:58:09.0473 4100 msisadrv - ok
17:58:09.0523 4100 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
17:58:09.0545 4100 MSKSSRV - ok
17:58:09.0557 4100 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
17:58:09.0593 4100 MSPCLOCK - ok
17:58:09.0615 4100 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
17:58:09.0658 4100 MSPQM - ok
17:58:09.0698 4100 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
17:58:09.0708 4100 MsRPC - ok
17:58:09.0721 4100 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
17:58:09.0726 4100 mssmbios - ok
17:58:09.0774 4100 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
17:58:09.0796 4100 MSTEE - ok
17:58:09.0813 4100 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
17:58:09.0837 4100 MTConfig - ok
17:58:09.0863 4100 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
17:58:09.0869 4100 Mup - ok
17:58:09.0918 4100 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
17:58:09.0969 4100 NativeWifiP - ok
17:58:10.0026 4100 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
17:58:10.0044 4100 NDIS - ok
17:58:10.0060 4100 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
17:58:10.0091 4100 NdisCap - ok
17:58:10.0119 4100 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
17:58:10.0155 4100 NdisTapi - ok
17:58:10.0206 4100 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
17:58:10.0229 4100 Ndisuio - ok
17:58:10.0262 4100 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
17:58:10.0306 4100 NdisWan - ok
17:58:10.0353 4100 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
17:58:10.0394 4100 NDProxy - ok
17:58:10.0422 4100 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
17:58:10.0445 4100 NetBIOS - ok
17:58:10.0484 4100 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
17:58:10.0524 4100 NetBT - ok
17:58:10.0574 4100 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
17:58:10.0598 4100 nfrd960 - ok
17:58:10.0659 4100 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
17:58:10.0681 4100 Npfs - ok
17:58:10.0733 4100 NPPTNT2 - ok
17:58:10.0770 4100 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
17:58:10.0791 4100 nsiproxy - ok
17:58:10.0853 4100 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
17:58:10.0893 4100 Ntfs - ok
17:58:10.0908 4100 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
17:58:10.0951 4100 Null - ok
17:58:10.0990 4100 nusb3hub (d584abb6a308933a5f72b46c9e5a783f) C:\Windows\system32\DRIVERS\nusb3hub.sys
17:58:11.0058 4100 nusb3hub - ok
17:58:11.0083 4100 nusb3xhc (345b9c04e2036da4346e3249a5bdfd06) C:\Windows\system32\DRIVERS\nusb3xhc.sys
17:58:11.0112 4100 nusb3xhc - ok
17:58:11.0152 4100 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
17:58:11.0168 4100 nvraid - ok
17:58:11.0204 4100 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
17:58:11.0242 4100 nvstor - ok
17:58:11.0302 4100 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
17:58:11.0318 4100 nv_agp - ok
17:58:11.0346 4100 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
17:58:11.0380 4100 ohci1394 - ok
17:58:11.0415 4100 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
17:58:11.0433 4100 Parport - ok
17:58:11.0469 4100 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
17:58:11.0475 4100 partmgr - ok
17:58:11.0510 4100 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
17:58:11.0517 4100 pci - ok
17:58:11.0542 4100 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
17:58:11.0547 4100 pciide - ok
17:58:11.0567 4100 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
17:58:11.0584 4100 pcmcia - ok
17:58:11.0600 4100 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
17:58:11.0607 4100 pcw - ok
17:58:11.0632 4100 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
17:58:11.0681 4100 PEAUTH - ok
17:58:11.0788 4100 Point64 (33328fa8a580885ab0065be6db266e9f) C:\Windows\system32\DRIVERS\point64.sys
17:58:11.0803 4100 Point64 - ok
17:58:11.0848 4100 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
17:58:11.0927 4100 PptpMiniport - ok
17:58:11.0939 4100 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
17:58:11.0969 4100 Processor - ok
17:58:12.0034 4100 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
17:58:12.0076 4100 Psched - ok
17:58:12.0109 4100 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
17:58:12.0148 4100 ql2300 - ok
17:58:12.0168 4100 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
17:58:12.0176 4100 ql40xx - ok
17:58:12.0198 4100 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
17:58:12.0219 4100 QWAVEdrv - ok
17:58:12.0239 4100 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
17:58:12.0270 4100 RasAcd - ok
17:58:12.0321 4100 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:58:12.0344 4100 RasAgileVpn - ok
17:58:12.0385 4100 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:58:12.0437 4100 Rasl2tp - ok
17:58:12.0455 4100 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
17:58:12.0492 4100 RasPppoe - ok
17:58:12.0533 4100 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
17:58:12.0565 4100 RasSstp - ok
17:58:12.0595 4100 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
17:58:12.0620 4100 rdbss - ok
17:58:12.0640 4100 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
17:58:12.0677 4100 rdpbus - ok
17:58:12.0698 4100 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:58:12.0719 4100 RDPCDD - ok
17:58:12.0748 4100 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
17:58:12.0805 4100 RDPDR - ok
17:58:12.0839 4100 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
17:58:12.0868 4100 RDPENCDD - ok
17:58:12.0883 4100 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
17:58:12.0904 4100 RDPREFMP - ok
17:58:12.0940 4100 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
17:58:12.0993 4100 RdpVideoMiniport - ok
17:58:13.0016 4100 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
17:58:13.0049 4100 RDPWD - ok
17:58:13.0070 4100 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
17:58:13.0079 4100 rdyboost - ok
17:58:13.0105 4100 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
17:58:13.0137 4100 rspndr - ok
17:58:13.0186 4100 RTHDMIAzAudService (d6d381b76056c668679723938f06f16c) C:\Windows\system32\drivers\RtHDMIVX.sys
17:58:13.0203 4100 RTHDMIAzAudService - ok
17:58:13.0280 4100 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
17:58:13.0303 4100 RTL8167 - ok
17:58:13.0342 4100 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
17:58:13.0387 4100 s3cap - ok
17:58:13.0406 4100 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
17:58:13.0422 4100 sbp2port - ok
17:58:13.0451 4100 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
17:58:13.0495 4100 scfilter - ok
17:58:13.0545 4100 SecDrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\SECDRV.SYS
17:58:13.0585 4100 SecDrv - ok
17:58:13.0612 4100 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
17:58:13.0645 4100 Serenum - ok
17:58:13.0668 4100 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
17:58:13.0710 4100 Serial - ok
17:58:13.0736 4100 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
17:58:13.0767 4100 sermouse - ok
17:58:13.0837 4100 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
17:58:13.0870 4100 sffdisk - ok
17:58:13.0893 4100 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
17:58:13.0911 4100 sffp_mmc - ok
17:58:13.0970 4100 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
17:58:13.0994 4100 sffp_sd - ok
17:58:14.0013 4100 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
17:58:14.0037 4100 sfloppy - ok
17:58:14.0062 4100 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:58:14.0086 4100 SiSRaid2 - ok
17:58:14.0138 4100 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
17:58:14.0198 4100 SiSRaid4 - ok
17:58:14.0260 4100 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
17:58:14.0283 4100 Smb - ok
17:58:14.0322 4100 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
17:58:14.0327 4100 spldr - ok
17:58:14.0369 4100 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
17:58:14.0395 4100 srv - ok
17:58:14.0421 4100 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
17:58:14.0431 4100 srv2 - ok
17:58:14.0450 4100 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
17:58:14.0467 4100 srvnet - ok
17:58:14.0503 4100 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
17:58:14.0510 4100 stexstor - ok
17:58:14.0549 4100 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
17:58:14.0555 4100 storflt - ok
17:58:14.0584 4100 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
17:58:14.0599 4100 storvsc - ok
17:58:14.0633 4100 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
17:58:14.0649 4100 swenum - ok
17:58:14.0733 4100 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
17:58:14.0783 4100 Tcpip - ok
17:58:14.0825 4100 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
17:58:14.0849 4100 TCPIP6 - ok
17:58:14.0893 4100 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
17:58:14.0924 4100 tcpipreg - ok
17:58:14.0947 4100 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
17:58:14.0997 4100 TDPIPE - ok
17:58:15.0014 4100 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
17:58:15.0056 4100 TDTCP - ok
17:58:15.0095 4100 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
17:58:15.0126 4100 tdx - ok
17:58:15.0150 4100 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
17:58:15.0166 4100 TermDD - ok
17:58:15.0207 4100 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:58:15.0229 4100 tssecsrv - ok
17:58:15.0294 4100 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
17:58:15.0331 4100 TsUsbFlt - ok
17:58:15.0361 4100 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
17:58:15.0396 4100 tunnel - ok
17:58:15.0421 4100 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
17:58:15.0436 4100 uagp35 - ok
17:58:15.0473 4100 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
17:58:15.0497 4100 udfs - ok
17:58:15.0542 4100 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
17:58:15.0559 4100 uliagpkx - ok
17:58:15.0577 4100 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
17:58:15.0606 4100 umbus - ok
17:58:15.0625 4100 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
17:58:15.0648 4100 UmPass - ok
17:58:15.0710 4100 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
17:58:15.0747 4100 USBAAPL64 - ok
17:58:15.0786 4100 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
17:58:15.0812 4100 usbccgp - ok
17:58:15.0846 4100 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
17:58:15.0876 4100 usbcir - ok
17:58:15.0913 4100 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
17:58:15.0943 4100 usbehci - ok
17:58:15.0982 4100 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
17:58:16.0021 4100 usbhub - ok
17:58:16.0056 4100 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
17:58:16.0075 4100 usbohci - ok
17:58:16.0088 4100 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
17:58:16.0107 4100 usbprint - ok
17:58:16.0138 4100 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
17:58:16.0159 4100 usbscan - ok
17:58:16.0192 4100 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:58:16.0252 4100 USBSTOR - ok
17:58:16.0271 4100 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
17:58:16.0280 4100 usbuhci - ok
17:58:16.0346 4100 vcd10bus (f0faf3fb9b138f8cafb65ecffe9f4ab6) C:\Windows\system32\DRIVERS\vcd10bus.sys
17:58:16.0361 4100 vcd10bus - ok
17:58:16.0391 4100 VClone (84bb306b7863883018d7f3eb0c453bd5) C:\Windows\system32\DRIVERS\VClone.sys
17:58:16.0424 4100 VClone - ok
17:58:16.0482 4100 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
17:58:16.0487 4100 vdrvroot - ok
17:58:16.0520 4100 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
17:58:16.0529 4100 vga - ok
17:58:16.0553 4100 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
17:58:16.0584 4100 VgaSave - ok
17:58:16.0615 4100 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
17:58:16.0633 4100 vhdmp - ok
17:58:16.0672 4100 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
17:58:16.0687 4100 viaide - ok
17:58:16.0726 4100 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
17:58:16.0733 4100 vmbus - ok
17:58:16.0754 4100 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
17:58:16.0770 4100 VMBusHID - ok
17:58:16.0802 4100 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
17:58:16.0808 4100 volmgr - ok
17:58:16.0842 4100 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
17:58:16.0852 4100 volmgrx - ok
17:58:16.0877 4100 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
17:58:16.0886 4100 volsnap - ok
17:58:16.0906 4100 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
17:58:16.0923 4100 vsmraid - ok
17:58:16.0942 4100 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
17:58:16.0975 4100 vwifibus - ok
17:58:16.0996 4100 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
17:58:17.0016 4100 WacomPen - ok
17:58:17.0055 4100 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:58:17.0098 4100 WANARP - ok
17:58:17.0101 4100 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:58:17.0121 4100 Wanarpv6 - ok
17:58:17.0153 4100 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
17:58:17.0159 4100 Wd - ok
17:58:17.0188 4100 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
17:58:17.0202 4100 Wdf01000 - ok
17:58:17.0252 4100 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
17:58:17.0282 4100 WfpLwf - ok
17:58:17.0304 4100 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
17:58:17.0320 4100 WIMMount - ok
17:58:17.0388 4100 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
17:58:17.0421 4100 WinUsb - ok
17:58:17.0484 4100 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
17:58:17.0491 4100 WmiAcpi - ok
17:58:17.0540 4100 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
17:58:17.0584 4100 ws2ifsl - ok
17:58:17.0626 4100 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
17:58:17.0658 4100 WudfPf - ok
17:58:17.0675 4100 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:58:17.0708 4100 WUDFRd - ok
17:58:17.0743 4100 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:58:17.0809 4100 \Device\Harddisk0\DR0 - ok
17:58:17.0811 4100 Boot (0x1200) (e85f6601a17c0631ff4cb11837cc9319) \Device\Harddisk0\DR0\Partition0
17:58:17.0812 4100 \Device\Harddisk0\DR0\Partition0 - ok
17:58:17.0840 4100 Boot (0x1200) (783340dd3f2c97aaa52dcfaaca06bbab) \Device\Harddisk0\DR0\Partition1
17:58:17.0841 4100 \Device\Harddisk0\DR0\Partition1 - ok
17:58:17.0842 4100 ============================================================
17:58:17.0842 4100 Scan finished
17:58:17.0842 4100 ============================================================
17:58:17.0850 4944 Detected object count: 0
17:58:17.0850 4944 Actual detected object count: 0
17:58:50.0549 4324 Deinitialize success
#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's get a different look at the MBR. Do you get the redirect in both IE and FF?

Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.
#13
megaman186

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Yes, it does do the redirect in both browsers, and sometimes when I click on a hyperlink it does it as well.

Also, it found an infection. I pressed N as you asked, and here is the log:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: Service Pack 3 (build 7601), 64-bit
Base Board Manufacturer: Gigabyte Technology Co., Ltd.
BIOS Manufacturer: Award Software International, Inc.
System Manufacturer: Gigabyte Technology Co., Ltd.
System Product Name: GA-880GM-USB3
Logical Drives Mask: 0x0100000d

Kernel Drivers (total 199):

Processes (total 68):
0 System Idle Process
4 System
296 C:\Windows\System32\smss.exe
496 csrss.exe
576 csrss.exe
584 C:\Windows\System32\wininit.exe
652 C:\Windows\System32\services.exe
660 C:\Windows\System32\winlogon.exe
688 C:\Windows\System32\lsass.exe
696 C:\Windows\System32\lsm.exe
792 C:\Windows\System32\svchost.exe
860 C:\Windows\System32\svchost.exe
964 C:\Windows\System32\atiesrxx.exe
1008 C:\Windows\System32\svchost.exe
264 C:\Windows\System32\svchost.exe
468 C:\Windows\System32\svchost.exe
1076 C:\Windows\System32\svchost.exe
1116 C:\Windows\System32\atieclxx.exe
1244 C:\Windows\System32\svchost.exe
1424 C:\Windows\System32\dwm.exe
1508 C:\Windows\explorer.exe
1588 C:\Windows\System32\taskhost.exe
1632 C:\Windows\System32\spoolsv.exe
1664 C:\Windows\System32\svchost.exe
1964 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1280 C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
1684 C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
1824 C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe
1916 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
1744 C:\Program Files (x86)\AMD\Reservation Manager\AMD Reservation Manager.exe
1456 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2028 C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
480 C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
692 C:\Program Files (x86)\iTunes\iTunesHelper.exe
1072 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
2120 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
2176 C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
2208 C:\Program Files\Bonjour\mDNSResponder.exe
2244 C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
2280 C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe
2304 C:\Windows\SysWOW64\svchost.exe
2328 C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe
2352 C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
2384 C:\Windows\System32\svchost.exe
2416 C:\Windows\SysWOW64\NLSSRV32.EXE
2480 C:\Windows\System32\svchost.exe
2500 C:\Windows\SysWOW64\PnkBstrA.exe
2528 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2676 C:\Windows\System32\svchost.exe
2696 C:\Windows\System32\svchost.exe
2784 C:\Program Files (x86)\Virtual CD v10\System\VC10SecS.exe
2812 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2840 C:\Program Files (x86)\AMD\Fusion Utility for Desktop\FusionUtility2Service.exe
2900 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
3044 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
3264 C:\Program Files\iPod\bin\iPodService.exe
3296 C:\Windows\System32\svchost.exe
3548 C:\Windows\System32\svchost.exe
4032 WmiPrvSE.exe
3084 C:\Windows\System32\svchost.exe
3724 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
2196 C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\firefox.exe
3488 C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugin-container.exe
884 C:\Windows\System32\svchost.exe
4812 C:\Program Files (x86)\Internet Explorer\iexplore.exe
800 C:\Users\Timothy\Desktop\MBRCheck.exe
4868 C:\Windows\System32\conhost.exe
2580 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)

PhysicalDrive0 Model Number: ST31000524AS, Rev: JC45

Size Device Name MBR Status
--------------------------------------------
931 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK this one is a blighter to remove - so let's get at it. This must be done from the recovery CD to work

Create a Windows 7 System Repair Disc

Note: the below can only be done if your machine has a type of CD/R or DVD/R optical drive installed. Also, depending on the exact type of OEM your machine has, you may be unable to actually create a SRD.

  • Click on Start(Windows 7 Orb) >> Run...(or the Windows key and R together) to bring up the Run box, then copy/paste the following command into the box and click on OK:

    recdisc.exe

  • Allow the UAC(User Account Control) prompt via selecting Yes.
  • You should now see a menu like the below:-
Posted Image

  • Put a blank rewritable CD/DVD in your optical(CD/DVD) drive and then click on Create disc.
  • Note: If an AutoPlay window pops up, just close it.
  • When the SRD has been created you will see the below:-
Posted Image

  • Now click on Close >> OK. Leave the disc in the drive as we will be using it shortly.
  • You now have a Windows 7 System Repair Disc.




When you reboot you will see this, although yours will say Windows 7. Click repair my computer
Posted Image

Select your operating system
Posted Image

Select Command prompt
Posted Image

At the command prompt type the following

  • Bootrec.exe /FixMbr
  • Once finished type Exit


Reboot to normal Windows and run MBRCheck again please
  • 0

#15
megaman186

megaman186

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Didn't fix it


MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: Service Pack 3 (build 7601), 64-bit
Base Board Manufacturer: Gigabyte Technology Co., Ltd.
BIOS Manufacturer: Award Software International, Inc.
System Manufacturer: Gigabyte Technology Co., Ltd.
System Product Name: GA-880GM-USB3
Logical Drives Mask: 0x0100000d

Kernel Drivers (total 201):
0x03666000 \SystemRoot\system32\ntoskrnl.exe
0x0361D000 \SystemRoot\system32\hal.dll
0x00BA7000 \SystemRoot\system32\kdcom.dll
0x00CB6000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x00CC3000 \SystemRoot\system32\PSHED.dll
0x00CD7000 \SystemRoot\system32\CLFS.SYS
0x00D35000 \SystemRoot\system32\CI.dll
0x00C00000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00CA4000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00EFE000 \SystemRoot\system32\drivers\ACPI.sys
0x00F55000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00F5E000 \SystemRoot\system32\drivers\msisadrv.sys
0x00F68000 \SystemRoot\system32\drivers\pci.sys
0x00F9B000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00FA8000 \SystemRoot\System32\drivers\partmgr.sys
0x00FBD000 \SystemRoot\system32\drivers\volmgr.sys
0x00E00000 \SystemRoot\System32\drivers\volmgrx.sys
0x00E5C000 \SystemRoot\system32\drivers\pciide.sys
0x00E63000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x00E73000 \SystemRoot\System32\drivers\mountmgr.sys
0x00E8D000 \SystemRoot\system32\drivers\vmbus.sys
0x00EC9000 \SystemRoot\system32\drivers\winhv.sys
0x00EDD000 \SystemRoot\system32\drivers\atapi.sys
0x00FD2000 \SystemRoot\system32\drivers\ataport.SYS
0x00EE6000 \SystemRoot\system32\drivers\amdxata.sys
0x0102C000 \SystemRoot\system32\drivers\fltmgr.sys
0x01078000 \SystemRoot\system32\drivers\fileinfo.sys
0x01252000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0108C000 \SystemRoot\System32\Drivers\msrpc.sys
0x01200000 \SystemRoot\System32\Drivers\ksecdd.sys
0x010EA000 \SystemRoot\System32\Drivers\cng.sys
0x0121B000 \SystemRoot\System32\drivers\pcw.sys
0x0122C000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01434000 \SystemRoot\system32\drivers\ndis.sys
0x01527000 \SystemRoot\system32\drivers\NETIO.SYS
0x01587000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x016AA000 \SystemRoot\System32\drivers\tcpip.sys
0x018AE000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x018F8000 \SystemRoot\system32\drivers\vmstorfl.sys
0x01908000 \SystemRoot\system32\drivers\volsnap.sys
0x01954000 \SystemRoot\System32\Drivers\spldr.sys
0x0195C000 \SystemRoot\System32\drivers\rdyboost.sys
0x01996000 \SystemRoot\System32\Drivers\mup.sys
0x019A8000 \SystemRoot\System32\drivers\hwpolicy.sys
0x019B1000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01600000 \SystemRoot\system32\DRIVERS\disk.sys
0x01616000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x01646000 \SystemRoot\system32\DRIVERS\AtiPcie64.sys
0x015B2000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x01684000 \SystemRoot\System32\Drivers\Null.SYS
0x0168D000 \SystemRoot\System32\Drivers\Beep.SYS
0x01400000 \SystemRoot\system32\DRIVERS\ehdrv.sys
0x01694000 \SystemRoot\System32\drivers\vga.sys
0x0115C000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x019EB000 \SystemRoot\System32\drivers\watchdog.sys
0x01427000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x015DC000 \SystemRoot\system32\drivers\rdpencdd.sys
0x015E5000 \SystemRoot\system32\drivers\rdprefmp.sys
0x015EE000 \SystemRoot\System32\Drivers\Msfs.SYS
0x01236000 \SystemRoot\System32\Drivers\Npfs.SYS
0x01181000 \SystemRoot\system32\DRIVERS\tdx.sys
0x011A3000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x011B0000 \SystemRoot\System32\DRIVERS\netbt.sys
0x04028000 \SystemRoot\system32\drivers\afd.sys
0x040B1000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x040BA000 \SystemRoot\system32\DRIVERS\pacer.sys
0x040E0000 \SystemRoot\system32\DRIVERS\netbios.sys
0x040EF000 \SystemRoot\system32\DRIVERS\serial.sys
0x0410C000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x04127000 \SystemRoot\system32\drivers\termdd.sys
0x0413B000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x0418C000 \SystemRoot\system32\drivers\nsiproxy.sys
0x04198000 \SystemRoot\system32\drivers\mssmbios.sys
0x041A3000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
0x041AE000 \SystemRoot\System32\drivers\discache.sys
0x03E96000 \SystemRoot\system32\drivers\csc.sys
0x03F19000 \SystemRoot\System32\Drivers\dfsc.sys
0x03F37000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x03F48000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x03F6E000 \SystemRoot\system32\DRIVERS\amdppm.sys
0x03F83000 \SystemRoot\system32\drivers\wmiacpi.sys
0x03F8C000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x04832000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x05288000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x0537C000 \SystemRoot\System32\drivers\dxgmms1.sys
0x053C2000 \SystemRoot\system32\drivers\HDAudBus.sys
0x03E00000 \SystemRoot\system32\DRIVERS\nusb3xhc.sys
0x053E6000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x02CBD000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x02D42000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x02D4F000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x02D5A000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x02DB0000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x02DC1000 \SystemRoot\system32\drivers\1394ohci.sys
0x02C00000 \SystemRoot\system32\DRIVERS\fdc.sys
0x02C0D000 \SystemRoot\system32\DRIVERS\serenum.sys
0x02C19000 \SystemRoot\system32\drivers\CompositeBus.sys
0x02C29000 \SystemRoot\system32\DRIVERS\vcd10bus.sys
0x02C37000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x02C4D000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x02C71000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x02C7D000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x04800000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x03E39000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x03E5A000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x02CAC000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x0481B000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x053E8000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x03E74000 \SystemRoot\system32\DRIVERS\VClone.sys
0x041BD000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x02CB7000 \SystemRoot\system32\drivers\swenum.sys
0x05649000 \SystemRoot\system32\drivers\ks.sys
0x0568C000 \SystemRoot\system32\DRIVERS\amdiox64.sys
0x056A0000 \SystemRoot\system32\drivers\umbus.sys
0x056B2000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x0570C000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0x05717000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x0572C000 \SystemRoot\system32\drivers\AtihdW76.sys
0x0576A000 \SystemRoot\system32\drivers\portcls.sys
0x057A7000 \SystemRoot\system32\drivers\drmk.sys
0x057C9000 \SystemRoot\system32\drivers\ksthunk.sys
0x057CF000 \SystemRoot\system32\DRIVERS\nusb3hub.sys
0x06CD2000 \SystemRoot\system32\drivers\HdAudio.sys
0x06D2E000 \SystemRoot\System32\Drivers\crashdmp.sys
0x06D3C000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x06D48000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x06D51000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x06D64000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x06D72000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x06D8B000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x00060000 \SystemRoot\System32\win32k.sys
0x06D94000 \SystemRoot\System32\drivers\Dxapi.sys
0x06DA0000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x06DBD000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x06DCB000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x06DD8000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x06C00000 \SystemRoot\system32\DRIVERS\monitor.sys
0x004E0000 \SystemRoot\System32\TSDDD.dll
0x00710000 \SystemRoot\System32\cdd.dll
0x008B0000 \SystemRoot\System32\ATMFD.DLL
0x06C0E000 \SystemRoot\system32\drivers\luafv.sys
0x0463C000 \SystemRoot\system32\DRIVERS\eamonm.sys
0x0471E000 \SystemRoot\system32\drivers\WudfPf.sys
0x0473F000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x04754000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x047A7000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x047BA000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x070AC000 \SystemRoot\system32\drivers\HTTP.sys
0x07175000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x071A6000 \SystemRoot\system32\DRIVERS\bowser.sys
0x071C4000 \SystemRoot\System32\drivers\mpsdrv.sys
0x07000000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x0702D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x0707B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x06C31000 \SystemRoot\System32\DRIVERS\srv2.sys
0x08A5D000 \SystemRoot\System32\DRIVERS\srv.sys
0x08AF5000 \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
0x08B26000 \SystemRoot\system32\DRIVERS\epfwwfpr.sys
0x08B4A000 \SystemRoot\system32\drivers\peauth.sys
0x08BF0000 \??\C:\Windows\system32\drivers\SECDRV.SYS
0x08A00000 \SystemRoot\System32\drivers\tcpipreg.sys
0x0AEAD000 \SystemRoot\system32\drivers\spsys.sys
0x0AF1E000 \??\C:\Windows\gdrv.sys
0x77630000 \Windows\System32\ntdll.dll
0x47CA0000 \Windows\System32\smss.exe
0xFF950000 \Windows\System32\apisetschema.dll
0xFF730000 \Windows\System32\ole32.dll
0xFF620000 \Windows\System32\msctf.dll
0xFF610000 \Windows\System32\nsi.dll
0xFF600000 \Windows\System32\lpk.dll
0xFF590000 \Windows\System32\gdi32.dll
0x77510000 \Windows\System32\kernel32.dll
0xFF4B0000 \Windows\System32\oleaut32.dll
0xFF3D0000 \Windows\System32\advapi32.dll
0xFF300000 \Windows\System32\usp10.dll
0xFE570000 \Windows\System32\shell32.dll
0xFE550000 \Windows\System32\imagehlp.dll
0xFE4B0000 \Windows\System32\clbcatq.dll
0x77300000 \Windows\System32\iertutil.dll
0xFE410000 \Windows\System32\msvcrt.dll
0xFE2E0000 \Windows\System32\rpcrt4.dll
0x77800000 \Windows\System32\normaliz.dll
0xFE100000 \Windows\System32\setupapi.dll
0xFE060000 \Windows\System32\comdlg32.dll
0x777F0000 \Windows\System32\psapi.dll
0xFE000000 \Windows\System32\Wldap32.dll
0x77200000 \Windows\System32\user32.dll
0xFDFD0000 \Windows\System32\imm32.dll
0x770B0000 \Windows\System32\urlmon.dll
0x76F50000 \Windows\System32\wininet.dll
0xFDF80000 \Windows\System32\ws2_32.dll
0xFDF00000 \Windows\System32\shlwapi.dll
0xFDE80000 \Windows\System32\difxapi.dll
0xFDE60000 \Windows\System32\sechost.dll
0xFDDF0000 \Windows\System32\KernelBase.dll
0xFDDD0000 \Windows\System32\devobj.dll
0xFDD30000 \Windows\System32\comctl32.dll
0xFDCF0000 \Windows\System32\cfgmgr32.dll
0xFDB80000 \Windows\System32\crypt32.dll
0xFDB40000 \Windows\System32\wintrust.dll
0xFDB30000 \Windows\System32\msasn1.dll

Processes (total 69):
0 System Idle Process
4 System
296 C:\Windows\System32\smss.exe
496 csrss.exe
568 C:\Windows\System32\wininit.exe
604 csrss.exe
632 C:\Windows\System32\services.exe
664 C:\Windows\System32\winlogon.exe
696 C:\Windows\System32\lsass.exe
704 C:\Windows\System32\lsm.exe
796 C:\Windows\System32\svchost.exe
880 C:\Windows\System32\svchost.exe
972 C:\Windows\System32\atiesrxx.exe
1016 C:\Windows\System32\svchost.exe
272 C:\Windows\System32\svchost.exe
508 C:\Windows\System32\svchost.exe
864 C:\Windows\System32\audiodg.exe
1072 C:\Windows\System32\svchost.exe
1160 C:\Windows\System32\svchost.exe
1208 C:\Windows\System32\atieclxx.exe
1488 C:\Windows\System32\dwm.exe
1512 C:\Windows\explorer.exe
1552 C:\Windows\System32\taskhost.exe
1632 C:\Windows\System32\spoolsv.exe
1692 C:\Windows\System32\svchost.exe
1908 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1956 C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe
1988 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
2020 C:\Program Files (x86)\AMD\Reservation Manager\AMD Reservation Manager.exe
2044 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1400 C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
1472 C:\Program Files\Bonjour\mDNSResponder.exe
1756 C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
1892 C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe
1768 C:\Windows\SysWOW64\svchost.exe
1344 C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe
1180 C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
2084 C:\Windows\System32\svchost.exe
2112 C:\Windows\SysWOW64\NLSSRV32.EXE
2172 C:\Windows\System32\svchost.exe
2200 C:\Windows\SysWOW64\PnkBstrA.exe
2224 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2268 C:\Windows\System32\sppsvc.exe
2296 C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
2332 C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
2448 C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
2456 C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
2468 C:\Program Files (x86)\iTunes\iTunesHelper.exe
2496 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
2596 C:\Windows\System32\svchost.exe
2616 C:\Windows\System32\svchost.exe
2672 C:\Program Files (x86)\Virtual CD v10\System\VC10SecS.exe
2768 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2852 C:\Program Files (x86)\AMD\Fusion Utility for Desktop\FusionUtility2Service.exe
2892 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
1876 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
1340 C:\Program Files (x86)\Internet Explorer\iexplore.exe
3024 C:\Program Files\iPod\bin\iPodService.exe
984 C:\Windows\System32\svchost.exe
3148 C:\Windows\System32\svchost.exe
3732 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
3796 C:\Windows\System32\svchost.exe
4048 WmiPrvSE.exe
3212 WmiPrvSE.exe
3908 C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\firefox.exe
4132 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
4580 C:\Users\Timothy\Desktop\MBRCheck.exe
4592 C:\Windows\System32\conhost.exe
4608 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)

PhysicalDrive0 Model Number: ST31000524AS, Rev: JC45

Size Device Name MBR Status
--------------------------------------------
931 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
  • 0
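MBRCheck prints a SHA1 of the MBR next to its "MBR Code Faked!" verdict, and the SHA1 is the same in both logs above, before and after Bootrec.exe /FixMbr. The following is an added Python example, not MBRCheck's code, of the defender's version of that check: parse a 512-byte MBR sector, hash only the boot code and compare it with a set of known-good hashes. The MBR image, the disk signature, the baseline set and the tampered copy are all constructed here; the partition table follows the log's layout in that C: starts at byte offset 0x06500000.

```python
import hashlib
import struct
from collections import namedtuple

# MBR layout (512 bytes): boot code, 4-byte disk signature at 440, two reserved
# bytes, four 16-byte partition entries at 446, 0x55AA boot signature at 510.
MBR_SIZE, BOOT_CODE_LEN, PART_TABLE_OFF = 512, 440, 446
BOOT_SIGNATURE = b"\x55\xAA"
Partition = namedtuple("Partition", "bootable type_id lba_start sectors")

def parse_partitions(mbr: bytes) -> list:
    """Decode the four partition table slots; empty slots (type 0) are skipped."""
    parts = []
    for i in range(4):
        base = PART_TABLE_OFF + 16 * i
        status, type_id = mbr[base], mbr[base + 4]
        lba_start, sectors = struct.unpack_from("<II", mbr, base + 8)
        if type_id != 0:
            parts.append(Partition(status == 0x80, type_id, lba_start, sectors))
    return parts

def boot_code_sha1(mbr: bytes) -> str:
    """Hash only the executable boot code, not the disk signature or partition table."""
    return hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()

def check_mbr(mbr: bytes, baseline: set) -> dict:
    """Integrity checks on a captured MBR sector against a set of known-good SHA1s."""
    findings = []
    if len(mbr) != MBR_SIZE:
        findings.append(f"unexpected sector length {len(mbr)}")
    if mbr[510:512] != BOOT_SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    digest = boot_code_sha1(mbr)
    if digest not in baseline:
        findings.append(f"boot code SHA1 {digest} not in baseline")
    parts = parse_partitions(mbr)
    if sum(p.bootable for p in parts) > 1:
        findings.append("more than one active partition")
    return {"sha1": digest, "partitions": parts, "findings": findings}

def make_entry(bootable: bool, type_id: int, lba_start: int, sectors: int) -> bytes:
    # CHS fields are zeroed; the LBA start and length are what a modern loader uses.
    return struct.pack("<B3sB3sII", 0x80 if bootable else 0, bytes(3), type_id, bytes(3), lba_start, sectors)

def sample_mbr() -> bytes:
    """Constructed sample, not a real disk image: placeholder boot code plus a Windows 7 style layout."""
    code = (b"\xFA\x33\xC0" + bytes(range(256))).ljust(BOOT_CODE_LEN, b"\0")
    disk_sig = struct.pack("<I", 0xCAFEBABE) + bytes(2)  # constructed disk signature
    # 100 MiB System Reserved (active) at LBA 2048, then C: at LBA 206848 (byte 0x06500000).
    table = make_entry(True, 0x07, 2048, 204800) + make_entry(False, 0x07, 206848, 1953318912)
    return code + disk_sig + table + bytes(32) + BOOT_SIGNATURE

def tampered_mbr() -> bytes:
    """Same partition table, but the start of the boot code replaced (simulated)."""
    mbr = bytearray(sample_mbr())
    mbr[0:16] = b"\xEB\x0E" + b"\x90" * 14  # constructed stand-in for foreign code
    return bytes(mbr)

if __name__ == "__main__":
    baseline = {boot_code_sha1(sample_mbr())}  # recorded from a known-clean capture
    for name, image in (("clean", sample_mbr()), ("tampered", tampered_mbr())):
        result = check_mbr(image, baseline)
        print(name, result["sha1"], result["findings"] or "OK")
```

A real capture is the first 512 bytes of \\.\PhysicalDrive0 read with administrative rights, and the baseline should be recorded from a clean install of the same Windows version, so that an unchanged hash after a repair stands out as exactly what it is.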
