Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

need help removing win32/olmarik.axs [Closed]


  • This topic is locked This topic is locked

#1
MrJc

MrJc

    Member

  • Member
  • PipPip
  • 37 posts
Hi my Eset virus scan said today that I have a win32/olmarik.axs trojan and after looking on the net for a while I found this site. So first thing is that I have not noticed any changes on my computer at all. Second I've run Malwarebytes let it scan my computer and had it remove w.e it found, but again eset says the win32/olmarik.axs is still there so I dont really know what to do now.

along with this I have the OTL File attached(read the artical one what you should have for the post)
I really hope that I can get some help with this and I thank any and all who do help me
-MrJc

OTL logfile created on: 12/11/2011 1:05:47 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\jc\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

12.00 Gb Total Physical Memory | 9.76 Gb Available Physical Memory | 81.37% Memory free
23.99 Gb Paging File | 21.59 Gb Available in Paging File | 89.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 166.77 Gb Total Space | 69.24 Gb Free Space | 41.52% Space Free | Partition Type: NTFS
Drive D: | 19.53 Gb Total Space | 3.60 Gb Free Space | 18.43% Space Free | Partition Type: NTFS
Drive E: | 446.23 Gb Total Space | 150.47 Gb Free Space | 33.72% Space Free | Partition Type: NTFS
Drive H: | 1397.26 Gb Total Space | 21.92 Gb Free Space | 1.57% Space Free | Partition Type: NTFS
Drive J: | 931.49 Gb Total Space | 808.18 Gb Free Space | 86.76% Space Free | Partition Type: exFAT
Drive P: | 1397.26 Gb Total Space | 236.04 Gb Free Space | 16.89% Space Free | Partition Type: NTFS

Computer Name: JC-PC | User Name: jc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/11 01:05:08 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\jc\Desktop\OTL.exe
PRC - [2011/10/27 18:14:34 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/09/22 14:41:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/09/22 11:29:48 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/08/31 17:00:48 | 001,047,208 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/08/01 18:43:03 | 001,242,448 | ---- | M] (Valve Corporation) -- E:\Program Files\Steam\Steam.exe
PRC - [2011/03/18 00:26:14 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
PRC - [2011/03/18 00:24:50 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- P:\Programfiles\ZoneAlarm\zlclient.exe
PRC - [2011/03/03 17:31:08 | 000,428,640 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/02/21 13:17:32 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\nlssrv32.exe
PRC - [2010/04/26 18:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/09/29 13:03:46 | 000,735,960 | ---- | M] (ESET) -- P:\Program Files\NIK\x86\ekrn.exe
PRC - [2009/03/29 22:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/08 09:45:02 | 014,410,024 | ---- | M] () -- E:\Program Files\Steam\bin\libcef.dll
MOD - [2011/12/08 09:45:01 | 000,914,216 | ---- | M] () -- E:\Program Files\Steam\bin\avcodec-52.dll
MOD - [2011/12/08 09:45:01 | 000,194,344 | ---- | M] () -- E:\Program Files\Steam\bin\chromehtml.dll
MOD - [2011/12/08 09:45:01 | 000,155,432 | ---- | M] () -- E:\Program Files\Steam\bin\avformat-52.dll
MOD - [2011/12/08 09:45:01 | 000,091,432 | ---- | M] () -- E:\Program Files\Steam\bin\avutil-50.dll
MOD - [2009/03/29 22:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/06/06 13:23:18 | 006,438,264 | ---- | M] (Wacom Technology, Corp.) [Disabled | Stopped] -- C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV:64bit: - [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/10/30 20:01:55 | 000,131,912 | ---- | M] (Desura Pty Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Desura\desura_service.exe -- (Desura Install Service)
SRV - [2011/10/27 18:14:34 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/09/22 14:41:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/09/22 11:29:48 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/03 17:57:24 | 000,403,240 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/04/06 14:29:10 | 004,060,984 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2011/03/18 00:26:14 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2011/03/03 17:31:08 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/02/21 13:17:32 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/09/29 13:11:14 | 000,023,296 | ---- | M] (ESET) [On_Demand | Stopped] -- P:\Program Files\NIK\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/09/29 13:03:46 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- P:\Program Files\NIK\x86\ekrn.exe -- (ekrn)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/07/07 15:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/06/11 04:33:38 | 000,310,728 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011/06/11 04:32:49 | 000,042,696 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011/04/29 02:11:22 | 000,060,928 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm) Virtual Audio Cable (WDM)
DRV:64bit: - [2011/03/22 00:42:44 | 000,871,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011/03/17 11:10:48 | 000,013,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2011/03/17 11:10:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2011/03/17 11:10:34 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2011/03/03 17:25:20 | 004,183,904 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech QuickCam Pro 9000(UVC)
DRV:64bit: - [2011/03/03 17:23:54 | 000,341,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/01/01 09:12:24 | 000,097,040 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 05:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 03:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 03:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/08/19 18:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2010/05/30 19:46:50 | 000,333,928 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/05/15 15:30:52 | 000,458,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2010/04/26 17:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/04/26 17:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/09/29 13:06:16 | 000,123,200 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2009/09/29 13:03:00 | 000,136,584 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2009/09/29 12:56:36 | 000,144,824 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamon.sys -- (eamon)
DRV:64bit: - [2009/07/15 19:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2011/09/22 01:59:19 | 000,024,144 | ---- | M] (Beijing Joychina Network Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\Temp\ncvet.dll -- (ncvet.dll)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/01/01 19:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 64 25 29 39 09 89 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 113.254.193.230:9415

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\Windows\system32\npOGPPlugin.dll (OGPlanet)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\jc\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\jc\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/25 14:52:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/25 14:52:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: P:\Program Files\NIK\Mozilla Thunderbird [2011/11/25 18:27:33 | 000,000,000 | ---D | M]

[2011/02/24 20:19:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jc\AppData\Roaming\Mozilla\Extensions
[2011/02/24 20:19:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jc\AppData\Roaming\Mozilla\Firefox\Profiles\4eiuennm.default\extensions
[2011/11/25 15:37:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jc\AppData\Roaming\Mozilla\Firefox\Profiles\e7na2145.default\extensions
[2011/08/22 23:00:19 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\jc\AppData\Roaming\Mozilla\Firefox\Profiles\e7na2145.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2011/08/04 01:08:46 | 000,000,000 | ---D | M] ("BabelFish") -- C:\Users\jc\AppData\Roaming\Mozilla\Firefox\Profiles\e7na2145.default\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf}
[2011/11/10 00:30:01 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/11/10 00:29:46 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/02/24 21:26:48 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/22 10:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011/10/03 12:51:45 | 000,002,252 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/10 00:29:46 | 000,002,040 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\jc\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\jc\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\jc\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: BYOND stub plugin for Mozilla (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npbyond.dll
CHR - plugin: ijji Auto Install Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Google Update (Enabled) = C:\Users\jc\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AT_HatsuneMiku = C:\Users\jc\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcacbggjcnkdgchjnekppjkkkhlijkdd\2_0\

O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O3:64bit: - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O4:64bit: - HKLM..\Run: [Classic Start Menu] C:\Program Files\Classic Shell\ClassicStartMenu.exe (IvoSoft)
O4:64bit: - HKLM..\Run: [egui] P:\Program Files\NIK\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [QuickTime Task] P:\Programfiles\Ava\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] P:\Programfiles\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\jc\AppData\Local\Akamai\netsession_win.exe File not found
O4 - HKCU..\Run: [Steam] E:\Program Files\Steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: facebook.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: youtube.com ([www] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1 64.233.207.8 64.233.207.9
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{55B1A3CF-C723-4B16-890C-268BBFF77D8E}: DhcpNameServer = 192.168.2.1 192.168.2.1 64.233.207.8 64.233.207.9
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B264A2B6-E054-4F7E-A1F2-6952CFF329DA}: DhcpNameServer = 192.168.2.1 192.168.2.1 64.233.207.8 64.233.207.9
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/15 15:49:12 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/01/20 18:47:35 | 000,000,000 | R--D | M] - H:\autorun -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/11 01:04:57 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\jc\Desktop\OTL.exe
[2011/12/11 01:02:01 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/12/10 23:52:01 | 000,000,000 | ---D | C] -- C:\Users\jc\AppData\Roaming\Malwarebytes
[2011/12/10 23:51:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/10 23:51:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/10 23:51:12 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/12/10 23:51:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/12/10 23:50:50 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\jc\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/10 23:24:19 | 002,562,040 | ---- | C] (Symantec Corporation) -- C:\Users\jc\Desktop\anti virus.exe
[2011/12/10 23:23:18 | 000,000,000 | ---D | C] -- C:\Users\jc\AppData\Local\NPE
[2011/12/10 23:23:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/12/10 06:08:08 | 000,000,000 | ---D | C] -- C:\Users\jc\Desktop\New folder (5)
[2011/12/08 08:53:30 | 000,000,000 | ---D | C] -- C:\Users\jc\Documents\Guild Wars
[2011/12/08 08:53:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Media Center Programs
[2011/12/08 08:19:39 | 000,000,000 | ---D | C] -- C:\Users\jc\Documents\ANNO 2070
[2011/12/08 07:39:02 | 000,000,000 | ---D | C] -- C:\Users\jc\AppData\Roaming\Ubisoft
[2011/12/08 07:38:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2011/12/06 19:19:58 | 000,000,000 | ---D | C] -- C:\Users\jc\Desktop\[TheWorld]AlphaClient
[2011/12/05 13:35:03 | 000,000,000 | ---D | C] -- C:\Users\jc\Documents\OpenTTD
[2011/12/05 13:32:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenTTD
[2011/12/05 13:26:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MicroProse
[2011/12/05 13:25:32 | 000,000,000 | ---D | C] -- C:\Users\jc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microprose
[2011/12/05 13:18:35 | 000,000,000 | ---D | C] -- C:\Users\jc\Desktop\TT_deluxe
[2011/12/05 13:15:19 | 000,000,000 | ---D | C] -- C:\Users\jc\Desktop\New folder (4)
[2011/12/03 12:06:52 | 000,000,000 | ---D | C] -- C:\Users\jc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OGPlanet
[2011/12/02 16:52:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MicroVolts
[2011/12/02 16:40:12 | 802,461,008 | ---- | C] (RockHippo Productions Ltd. ) -- C:\Users\jc\Desktop\MicroVolts_0.8.7.12_ENG.exe
[2011/11/28 19:49:47 | 000,000,000 | ---D | C] -- C:\Users\jc\Documents\Game
[2011/11/28 19:46:29 | 000,000,000 | ---D | C] -- C:\Users\jc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RemnantKnights
[2011/11/28 19:44:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2011/11/27 11:05:54 | 000,000,000 | ---D | C] -- C:\Users\jc\Documents\Cities In Motion
[2011/11/26 04:53:57 | 000,000,000 | ---D | C] -- C:\Users\jc\Desktop\ant
[2011/11/25 19:07:01 | 000,000,000 | ---D | C] -- C:\Users\jc\AppData\Local\ESET
[2011/11/25 18:27:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2011/11/25 18:27:33 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2011/11/25 18:18:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2011/11/25 18:18:27 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/11/23 13:15:00 | 000,000,000 | ---D | C] -- C:\Users\jc\Desktop\New folder (3)
[2011/11/19 06:37:57 | 000,000,000 | ---D | C] -- C:\Users\jc\Desktop\tp
[2011/11/17 01:13:39 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrisOnline
[2011/11/12 21:15:15 | 000,000,000 | ---D | C] -- C:\Users\jc\AppData\Local\Skyrim
[2011/11/11 06:56:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/11 01:05:50 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/11 01:05:50 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/11 01:05:08 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\jc\Desktop\OTL.exe
[2011/12/11 00:58:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/11 00:57:56 | 1072,308,222 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/11 00:22:20 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2135341396-832709877-624523004-1000UA.job
[2011/12/10 23:51:16 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/10 23:51:03 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\jc\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/10 23:43:02 | 000,001,178 | -HS- | M] () -- C:\Users\jc\AppData\Local\8e41tv0x82n235
[2011/12/10 23:43:02 | 000,001,178 | -HS- | M] () -- C:\ProgramData\8e41tv0x82n235
[2011/12/10 23:24:19 | 002,562,040 | ---- | M] (Symantec Corporation) -- C:\Users\jc\Desktop\anti virus.exe
[2011/12/10 16:42:55 | 000,001,122 | -HS- | M] () -- C:\ProgramData\785717l4t046v007b072k0fkc2y2
[2011/12/10 16:42:54 | 000,001,122 | -HS- | M] () -- C:\Users\jc\AppData\Local\785717l4t046v007b072k0fkc2y2
[2011/12/10 03:22:00 | 000,000,844 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2135341396-832709877-624523004-1000Core.job
[2011/12/10 01:17:28 | 000,014,640 | ---- | M] () -- C:\Users\jc\Desktop\[ANE] Shinryaku! Ika Musume [BDRip 720p x264 FLAC] - Shortcut.lnk
[2011/12/10 01:07:39 | 000,016,285 | ---- | M] () -- C:\Users\jc\Desktop\Nogizaka Haruka no Himitsu - Purezza (2009) [Doki][1920x1080 h264 BD AAC] - Shortcut.lnk
[2011/12/10 01:07:37 | 000,015,944 | ---- | M] () -- C:\Users\jc\Desktop\[AQS-Anime] Nogizaka Haruka no Himitsu 1-12 (XviD) - Shortcut.lnk
[2011/12/10 00:06:58 | 000,001,159 | ---- | M] () -- C:\Users\jc\Desktop\[Steins;Sub]_Steins;Gate_Batch_[720p] - Shortcut.lnk
[2011/12/09 19:50:52 | 000,012,936 | ---- | M] () -- C:\Users\jc\Desktop\[ANE] Ore no Imouto ga Konna ni Kawaii Wake ga Nai [BDRip 720p x264 Hi10p Vorbis] - Shortcut.lnk
[2011/12/09 19:42:35 | 000,012,413 | ---- | M] () -- C:\Users\jc\Desktop\Astarotte no Omocha! [Underwater-Commie] - Shortcut.lnk
[2011/12/09 00:14:41 | 000,056,588 | ---- | M] () -- C:\Users\jc\Desktop\me 2009.jpg
[2011/12/08 21:32:46 | 000,000,974 | ---- | M] () -- C:\Users\jc\Desktop\Outlaw Star OSTs - Shortcut.lnk
[2011/12/08 09:50:07 | 000,000,634 | ---- | M] () -- C:\Users\jc\Desktop\Anno5 - Shortcut.lnk
[2011/12/08 05:51:19 | 000,014,071 | ---- | M] () -- C:\Users\jc\Desktop\[Hiryuu-HiNA] Dog Days - Shortcut.lnk
[2011/12/08 02:25:02 | 000,012,398 | ---- | M] () -- C:\Users\jc\Desktop\[Coalgirls] Seitokai Yakuindomo - Shortcut.lnk
[2011/12/08 02:12:32 | 578,510,543 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/12/06 16:52:40 | 111,992,377 | ---- | M] () -- C:\Users\jc\Desktop\[TheWorld]AlphaClient.zip
[2011/12/06 16:33:50 | 000,014,447 | ---- | M] () -- C:\Users\jc\Desktop\[Ryuumaru] Omamori Himari (DVD) - Shortcut.lnk
[2011/12/06 15:39:59 | 000,014,170 | ---- | M] () -- C:\Users\jc\Desktop\To LOVE-Ru - Trouble OVA - Shortcut.lnk
[2011/12/06 15:39:57 | 000,014,211 | ---- | M] () -- C:\Users\jc\Desktop\To Love-Ru [Exiled Destiny] - Shortcut.lnk
[2011/12/06 15:39:52 | 000,014,710 | ---- | M] () -- C:\Users\jc\Desktop\Motto To LOVE-Ru (2010) [Doki-Chihiro][1280x720 h264 BD AAC] - Shortcut.lnk
[2011/12/06 15:38:37 | 000,012,624 | ---- | M] () -- C:\Users\jc\Desktop\[Kira-Fansub]_MM!_Complete+Extras_(BD_1920x1080_h264_AAC) - Shortcut.lnk
[2011/12/06 01:08:02 | 000,001,573 | ---- | M] () -- C:\Users\jc\Desktop\[KiteSeekers-Wasurenai] Tantei Opera Milky Holmes [1280x720 H264 OGG] 01-12 [Batch] - Shortcut.lnk
[2011/12/06 00:52:17 | 000,001,226 | ---- | M] () -- C:\Users\jc\Desktop\Denpa Onna to Seishun Otoko Music Collection - Shortcut.lnk
[2011/12/05 20:27:57 | 000,001,244 | ---- | M] () -- C:\Users\jc\Desktop\[Chihiro]_Sora_no_Woto_[1280x720_Blu-Ray_FLAC] - Shortcut.lnk
[2011/12/05 17:11:50 | 000,001,046 | ---- | M] () -- C:\Users\jc\Desktop\[Chihiro] Kamisama Dolls - Shortcut.lnk
[2011/12/05 14:12:18 | 000,001,198 | ---- | M] () -- C:\Users\jc\Desktop\openttd - Shortcut.lnk
[2011/12/05 13:32:26 | 000,000,779 | ---- | M] () -- C:\Users\Public\Desktop\OpenTTD.lnk
[2011/12/05 13:18:24 | 007,736,947 | ---- | M] () -- C:\Users\jc\Desktop\transport-tycoon-deluxe.zip
[2011/12/05 13:15:05 | 015,563,634 | ---- | M] () -- C:\Users\jc\Desktop\ttd-win.zip
[2011/12/05 00:39:11 | 000,001,015 | ---- | M] () -- C:\Users\jc\Desktop\Higurashi Soundtracks - Shortcut.lnk
[2011/12/04 22:25:57 | 000,000,862 | ---- | M] () -- C:\Users\jc\Desktop\11 Tenko's Theme B - Shortcut.lnk
[2011/12/04 20:31:40 | 000,012,078 | ---- | M] () -- C:\Users\jc\Desktop\Kamisama Kazoku - Shortcut.lnk
[2011/12/04 17:31:48 | 000,012,278 | ---- | M] () -- C:\Users\jc\Desktop\[Chihiro]_Akikan_[h264] - Shortcut.lnk
[2011/12/03 18:32:55 | 000,001,141 | ---- | M] () -- C:\Users\jc\Desktop\[polished] Sora no Otoshimono (DVD) - Shortcut.lnk
[2011/12/03 18:20:29 | 000,013,762 | ---- | M] () -- C:\Users\jc\Desktop\[tlacatlc6] Sora no Otoshimono OVA (BD 1920x1080 x264 FLAC) - Shortcut.lnk
[2011/12/03 18:19:44 | 000,001,213 | ---- | M] () -- C:\Users\jc\Desktop\[SubDesu] Sora no Otoshimono Forte BD 1080p - Shortcut.lnk
[2011/12/03 18:19:29 | 000,001,280 | ---- | M] () -- C:\Users\jc\Desktop\[Kira-Fansub] Uchuu no Stellvia (BD H264 1280x960) - Shortcut.lnk
[2011/12/03 17:58:51 | 000,001,015 | ---- | M] () -- C:\Users\jc\Desktop\raimuiro senkitan ova - Shortcut.lnk
[2011/12/03 17:58:13 | 000,001,159 | ---- | M] () -- C:\Users\jc\Desktop\[ReDone] Lime-Colored War Tales (DVD) - Shortcut.lnk
[2011/12/03 12:52:44 | 000,001,167 | ---- | M] () -- C:\Users\jc\Desktop\OGPlanet Launcher.lnk
[2011/12/02 17:27:47 | 000,002,379 | ---- | M] () -- C:\Users\jc\Desktop\Google Chrome.lnk
[2011/12/02 16:52:01 | 000,000,702 | ---- | M] () -- C:\Users\jc\Desktop\MicroVolts.lnk
[2011/12/02 16:50:20 | 802,461,008 | ---- | M] (RockHippo Productions Ltd. ) -- C:\Users\jc\Desktop\MicroVolts_0.8.7.12_ENG.exe
[2011/12/01 23:12:24 | 000,045,841 | ---- | M] () -- C:\Users\jc\Desktop\lucky.jpg
[2011/12/01 16:50:00 | 000,001,051 | ---- | M] () -- C:\Users\jc\Desktop\YuruYuri Music Collection - Shortcut.lnk
[2011/12/01 15:41:28 | 000,013,176 | ---- | M] () -- C:\Users\jc\Desktop\01 Kizuite Zombie-sama, Watashi ha Classmate desu - Shortcut.lnk
[2011/12/01 15:40:39 | 000,001,555 | ---- | M] () -- C:\Users\jc\Desktop\[Kira-Fansub]_Choujuushin_Gravion_Zwei_Complete_(BD 1280x960 h264 JP AAC EN AAC) - Shortcut.lnk
[2011/11/30 23:45:26 | 000,058,574 | ---- | M] () -- C:\Users\jc\Desktop\recruitment1.jpg
[2011/11/30 23:41:29 | 000,083,077 | ---- | M] () -- C:\Users\jc\Desktop\recruitment.jpg
[2011/11/28 19:46:29 | 000,000,717 | ---- | M] () -- C:\Users\jc\Desktop\RemnantKnights.lnk
[2011/11/28 19:42:23 | 955,779,400 | ---- | M] () -- C:\Users\jc\Desktop\RKClient.exe
[2011/11/26 10:27:50 | 000,014,756 | ---- | M] () -- C:\Users\jc\Desktop\[Oyasumi]_Welcome_to_the_NHK! - Shortcut.lnk
[2011/11/26 10:26:55 | 000,012,338 | ---- | M] () -- C:\Users\jc\Desktop\[Carbon]Seitokai no Ichizon - Shortcut.lnk
[2011/11/26 10:05:12 | 000,000,943 | ---- | M] () -- C:\Users\jc\Desktop\Kaibutsu Oujo - Shortcut.lnk
[2011/11/26 05:14:47 | 000,001,115 | ---- | M] () -- C:\Users\jc\Desktop\patcher_s4 - Shortcut.lnk
[2011/11/25 14:26:48 | 000,000,440 | -H-- | M] () -- C:\ProgramData\jh2p9zIoBQ8oHl
[2011/11/25 14:25:49 | 000,000,673 | ---- | M] () -- C:\Users\jc\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
[2011/11/23 13:04:03 | 000,042,649 | ---- | M] () -- C:\Users\jc\Desktop\TooManyItems2011_11_18.zip
[2011/11/20 00:15:33 | 000,924,070 | ---- | M] () -- C:\Users\jc\Desktop\youtube.png
[2011/11/15 14:15:27 | 093,007,246 | ---- | M] () -- C:\Users\jc\Desktop\Reconquista.rar
[2011/11/15 12:29:00 | 000,000,017 | ---- | M] () -- C:\Users\jc\AppData\Local\resmon.resmoncfg
[2011/11/13 12:33:49 | 000,013,302 | ---- | M] () -- C:\Users\jc\Desktop\Seto no Hanayome - Shortcut.lnk
[2011/11/12 20:53:57 | 000,004,096 | ---- | M] () -- C:\Windows\d3dx.dat
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/10 23:51:16 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/10 23:43:02 | 000,001,178 | -HS- | C] () -- C:\Users\jc\AppData\Local\8e41tv0x82n235
[2011/12/10 23:43:02 | 000,001,178 | -HS- | C] () -- C:\ProgramData\8e41tv0x82n235
[2011/12/10 16:42:54 | 000,001,122 | -HS- | C] () -- C:\Users\jc\AppData\Local\785717l4t046v007b072k0fkc2y2
[2011/12/10 16:42:54 | 000,001,122 | -HS- | C] () -- C:\ProgramData\785717l4t046v007b072k0fkc2y2
[2011/12/10 01:17:28 | 000,014,640 | ---- | C] () -- C:\Users\jc\Desktop\[ANE] Shinryaku! Ika Musume [BDRip 720p x264 FLAC] - Shortcut.lnk
[2011/12/10 01:07:39 | 000,016,285 | ---- | C] () -- C:\Users\jc\Desktop\Nogizaka Haruka no Himitsu - Purezza (2009) [Doki][1920x1080 h264 BD AAC] - Shortcut.lnk
[2011/12/10 01:07:37 | 000,015,944 | ---- | C] () -- C:\Users\jc\Desktop\[AQS-Anime] Nogizaka Haruka no Himitsu 1-12 (XviD) - Shortcut.lnk
[2011/12/10 00:06:58 | 000,001,159 | ---- | C] () -- C:\Users\jc\Desktop\[Steins;Sub]_Steins;Gate_Batch_[720p] - Shortcut.lnk
[2011/12/09 19:50:52 | 000,012,936 | ---- | C] () -- C:\Users\jc\Desktop\[ANE] Ore no Imouto ga Konna ni Kawaii Wake ga Nai [BDRip 720p x264 Hi10p Vorbis] - Shortcut.lnk
[2011/12/09 19:42:35 | 000,012,413 | ---- | C] () -- C:\Users\jc\Desktop\Astarotte no Omocha! [Underwater-Commie] - Shortcut.lnk
[2011/12/09 00:18:16 | 000,056,588 | ---- | C] () -- C:\Users\jc\Desktop\me 2009.jpg
[2011/12/08 21:32:46 | 000,000,974 | ---- | C] () -- C:\Users\jc\Desktop\Outlaw Star OSTs - Shortcut.lnk
[2011/12/08 09:50:07 | 000,000,634 | ---- | C] () -- C:\Users\jc\Desktop\Anno5 - Shortcut.lnk
[2011/12/08 05:51:19 | 000,014,071 | ---- | C] () -- C:\Users\jc\Desktop\[Hiryuu-HiNA] Dog Days - Shortcut.lnk
[2011/12/08 02:25:02 | 000,012,398 | ---- | C] () -- C:\Users\jc\Desktop\[Coalgirls] Seitokai Yakuindomo - Shortcut.lnk
[2011/12/06 16:51:28 | 111,992,377 | ---- | C] () -- C:\Users\jc\Desktop\[TheWorld]AlphaClient.zip
[2011/12/06 16:33:50 | 000,014,447 | ---- | C] () -- C:\Users\jc\Desktop\[Ryuumaru] Omamori Himari (DVD) - Shortcut.lnk
[2011/12/06 15:39:59 | 000,014,170 | ---- | C] () -- C:\Users\jc\Desktop\To LOVE-Ru - Trouble OVA - Shortcut.lnk
[2011/12/06 15:39:57 | 000,014,211 | ---- | C] () -- C:\Users\jc\Desktop\To Love-Ru [Exiled Destiny] - Shortcut.lnk
[2011/12/06 15:39:52 | 000,014,710 | ---- | C] () -- C:\Users\jc\Desktop\Motto To LOVE-Ru (2010) [Doki-Chihiro][1280x720 h264 BD AAC] - Shortcut.lnk
[2011/12/06 15:38:37 | 000,012,624 | ---- | C] () -- C:\Users\jc\Desktop\[Kira-Fansub]_MM!_Complete+Extras_(BD_1920x1080_h264_AAC) - Shortcut.lnk
[2011/12/06 01:08:02 | 000,001,573 | ---- | C] () -- C:\Users\jc\Desktop\[KiteSeekers-Wasurenai] Tantei Opera Milky Holmes [1280x720 H264 OGG] 01-12 [Batch] - Shortcut.lnk
[2011/12/06 00:51:55 | 000,001,226 | ---- | C] () -- C:\Users\jc\Desktop\Denpa Onna to Seishun Otoko Music Collection - Shortcut.lnk
[2011/12/05 20:27:57 | 000,001,244 | ---- | C] () -- C:\Users\jc\Desktop\[Chihiro]_Sora_no_Woto_[1280x720_Blu-Ray_FLAC] - Shortcut.lnk
[2011/12/05 17:11:50 | 000,001,046 | ---- | C] () -- C:\Users\jc\Desktop\[Chihiro] Kamisama Dolls - Shortcut.lnk
[2011/12/05 14:12:20 | 000,001,198 | ---- | C] () -- C:\Users\jc\Desktop\openttd - Shortcut.lnk
[2011/12/05 13:32:26 | 000,000,779 | ---- | C] () -- C:\Users\Public\Desktop\OpenTTD.lnk
[2011/12/05 13:25:32 | 000,024,576 | ---- | C] () -- C:\Windows\UniFISH.exe
[2011/12/05 13:16:00 | 007,736,947 | ---- | C] () -- C:\Users\jc\Desktop\transport-tycoon-deluxe.zip
[2011/12/05 13:14:06 | 015,563,634 | ---- | C] () -- C:\Users\jc\Desktop\ttd-win.zip
[2011/12/05 00:39:11 | 000,001,015 | ---- | C] () -- C:\Users\jc\Desktop\Higurashi Soundtracks - Shortcut.lnk
[2011/12/04 22:25:57 | 000,000,862 | ---- | C] () -- C:\Users\jc\Desktop\11 Tenko's Theme B - Shortcut.lnk
[2011/12/04 20:31:40 | 000,012,078 | ---- | C] () -- C:\Users\jc\Desktop\Kamisama Kazoku - Shortcut.lnk
[2011/12/04 17:31:48 | 000,012,278 | ---- | C] () -- C:\Users\jc\Desktop\[Chihiro]_Akikan_[h264] - Shortcut.lnk
[2011/12/03 18:32:55 | 000,001,141 | ---- | C] () -- C:\Users\jc\Desktop\[polished] Sora no Otoshimono (DVD) - Shortcut.lnk
[2011/12/03 18:20:29 | 000,013,762 | ---- | C] () -- C:\Users\jc\Desktop\[tlacatlc6] Sora no Otoshimono OVA (BD 1920x1080 x264 FLAC) - Shortcut.lnk
[2011/12/03 18:19:44 | 000,001,213 | ---- | C] () -- C:\Users\jc\Desktop\[SubDesu] Sora no Otoshimono Forte BD 1080p - Shortcut.lnk
[2011/12/03 18:19:29 | 000,001,280 | ---- | C] () -- C:\Users\jc\Desktop\[Kira-Fansub] Uchuu no Stellvia (BD H264 1280x960) - Shortcut.lnk
[2011/12/03 17:58:51 | 000,001,015 | ---- | C] () -- C:\Users\jc\Desktop\raimuiro senkitan ova - Shortcut.lnk
[2011/12/03 17:58:13 | 000,001,159 | ---- | C] () -- C:\Users\jc\Desktop\[ReDone] Lime-Colored War Tales (DVD) - Shortcut.lnk
[2011/12/03 12:06:52 | 000,001,167 | ---- | C] () -- C:\Users\jc\Desktop\OGPlanet Launcher.lnk
[2011/12/02 16:52:01 | 000,000,702 | ---- | C] () -- C:\Users\jc\Desktop\MicroVolts.lnk
[2011/12/01 23:13:43 | 000,045,841 | ---- | C] () -- C:\Users\jc\Desktop\lucky.jpg
[2011/12/01 22:55:48 | 000,098,696 | ---- | C] () -- C:\Users\jc\Desktop\kidnap.jpg
[2011/12/01 16:50:00 | 000,001,051 | ---- | C] () -- C:\Users\jc\Desktop\YuruYuri Music Collection - Shortcut.lnk
[2011/12/01 15:41:28 | 000,013,176 | ---- | C] () -- C:\Users\jc\Desktop\01 Kizuite Zombie-sama, Watashi ha Classmate desu - Shortcut.lnk
[2011/12/01 15:40:39 | 000,001,555 | ---- | C] () -- C:\Users\jc\Desktop\[Kira-Fansub]_Choujuushin_Gravion_Zwei_Complete_(BD 1280x960 h264 JP AAC EN AAC) - Shortcut.lnk
[2011/11/30 23:45:57 | 000,058,574 | ---- | C] () -- C:\Users\jc\Desktop\recruitment1.jpg
[2011/11/30 23:41:45 | 000,083,077 | ---- | C] () -- C:\Users\jc\Desktop\recruitment.jpg
[2011/11/28 19:46:29 | 000,000,717 | ---- | C] () -- C:\Users\jc\Desktop\RemnantKnights.lnk
[2011/11/28 19:20:56 | 955,779,400 | ---- | C] () -- C:\Users\jc\Desktop\RKClient.exe
[2011/11/26 10:27:50 | 000,014,756 | ---- | C] () -- C:\Users\jc\Desktop\[Oyasumi]_Welcome_to_the_NHK! - Shortcut.lnk
[2011/11/26 10:26:55 | 000,012,338 | ---- | C] () -- C:\Users\jc\Desktop\[Carbon]Seitokai no Ichizon - Shortcut.lnk
[2011/11/26 10:05:12 | 000,000,943 | ---- | C] () -- C:\Users\jc\Desktop\Kaibutsu Oujo - Shortcut.lnk
[2011/11/26 05:14:47 | 000,001,115 | ---- | C] () -- C:\Users\jc\Desktop\patcher_s4 - Shortcut.lnk
[2011/11/25 14:25:49 | 000,000,673 | ---- | C] () -- C:\Users\jc\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
[2011/11/25 14:25:46 | 000,000,440 | -H-- | C] () -- C:\ProgramData\jh2p9zIoBQ8oHl
[2011/11/23 13:04:00 | 000,042,649 | ---- | C] () -- C:\Users\jc\Desktop\TooManyItems2011_11_18.zip
[2011/11/20 00:15:33 | 000,924,070 | ---- | C] () -- C:\Users\jc\Desktop\youtube.png
[2011/11/15 14:14:24 | 093,007,246 | ---- | C] () -- C:\Users\jc\Desktop\Reconquista.rar
[2011/11/15 12:29:00 | 000,000,017 | ---- | C] () -- C:\Users\jc\AppData\Local\resmon.resmoncfg
[2011/11/13 12:33:49 | 000,013,302 | ---- | C] () -- C:\Users\jc\Desktop\Seto no Hanayome - Shortcut.lnk
[2011/11/12 20:53:57 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011/09/22 11:29:58 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/08/28 00:06:09 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2011/08/26 17:11:44 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2011/08/04 18:47:02 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2011/05/31 17:02:18 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011/05/12 21:41:51 | 000,000,132 | ---- | C] () -- C:\Users\jc\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/05/07 18:47:41 | 000,794,906 | ---- | C] () -- C:\Windows\unins000.exe
[2011/05/07 18:47:41 | 000,004,145 | ---- | C] () -- C:\Windows\unins000.dat
[2011/05/03 18:23:58 | 002,287,998 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/14 20:07:11 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/04/03 20:03:10 | 001,269,745 | ---- | C] () -- C:\Users\jc\AppData\Roaming\minecraft-1.4.jar
[2011/03/19 21:24:36 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/03/19 21:24:31 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2011/03/19 21:24:31 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/03/15 09:06:08 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/03/15 09:06:02 | 000,032,217 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011/03/03 17:26:22 | 010,877,272 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011/03/03 17:26:22 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/03/03 17:26:16 | 000,331,608 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2011/02/21 13:17:34 | 000,316,928 | ---- | C] () -- C:\Windows\SysWow64\SilverEfexPro2FC32.dll
[2009/07/13 21:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 18:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 18:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 16:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/02 04:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2009/03/29 22:32:40 | 000,032,768 | R--- | C] () -- C:\Windows\DAODx.exe

========== LOP Check ==========

[2011/11/25 14:53:27 | 000,000,000 | ---D | M] -- C:\Users\jc\AppData\Roaming\.minecraft
[2011/06/03 03:32:21 | 000,000,000 | ---D | M] -- C:\Users\jc\AppData\Roaming\.Nitrous
[2011/11/29 14:35:25 | 000,000,000 | ---D | M] -- C:\Users\jc\AppData\Roaming\.purple
[2011/07/11 00:24:29 | 000,000,000 | ---D | M] -- C:\Users\jc\AppData\Roaming\0ad
[2011/03/19 22:01:42 | 000,000,000 | ---D | M] -- C:\Users\jc\AppData\Roaming\Atari
[2011/04/05 15:23:13 | 000,000,000 | ---D | M] -- C:\Users\jc\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/03/22 00:52:08 | 000,000,000 | ---D | M] -- C:\Users\jc\AppData\Roaming\DAEMON Tools Lite
[2011/03/31 19:02:23 | 000,000,000 | ---D | M] -- C:\Users\jc\AppData\Roaming\Downloaded Installations
[2011/04/05 16:01:44 | 000,000,000 | ---D | M] -- C:\Users\jc\AppData\Roaming\DriverCure
[2011/05/07 18:48:44 | 000,000,000 | ---D | M] -- C:\Users\jc\AppData\Roaming\FFSJ
[2011/08/22 03:15:05 | 000,000,000 | ---D | M] -- C:\Users\jc\AppData\Roaming\Firefly Studios
[2011/03/30 22:26:56 | 000,000,000 | ---D | M] -- C:\Users\jc\AppData\Roaming\Foxit Software
[2011/04/05 16:03:25 | 000,000,000 | ---D | M] -- C:\Users\jc\AppData\Roaming\GeoSetter
[2011/10/05 01:11:08 | 000,000,000 | ---D | M] -- C:\Users\jc\AppData\Roaming\gtk-2.0
[2011/09/29 13:55:13 | 000,000,000 | ---D | M] -- C:\Users\jc\AppData\Roaming\JoyChina
[2011/09/03 08:58:56 | 000,000,000 | ---D | M] -- C:\Users\jc\AppData\Roaming\Kalypso Media
[2011/04/14 22:58:46 | 000,000,000 | ---D | M] -- C:\Users\jc\AppData\Roaming\Leadertech
[2011/05/07 14:48:43 | 000,000,000 | ---D | M] -- C:\Users\jc\AppData\Roaming\MotioninJoy
[2011/10/23 18:27:36 | 000,000,000 | ---D | M] -- C:\Users\jc\AppData\Roaming\Mumble
[2011/04/18 01:40:47 | 000,000,000 | ---D | M] -- C:\Users\jc\AppData\Roaming\OpenOffice.org
[2011/10/26 00:43:38 | 000,000,000 | ---D | M] -- C:\Users\jc\AppData\Roaming\Origin
[2011/08/28 00:06:09 | 000,000,000 | ---D | M] -- C:\Users\jc\AppData\Roaming\PACE Anti-Piracy
[2011/11/24 21:45:58 | 000,000,000 | ---D | M] -- C:\Users\jc\AppData\Roaming\PTGui
[2011/09/22 22:44:17 | 000,000,000 | ---D | M] -- C:\Users\jc\AppData\Roaming\Publish Providers
[2011/11/07 16:14:13 | 000,000,000 | ---D | M] -- C:\Users\jc\AppData\Roaming\Sony
[2011/04/05 16:22:32 | 000,000,000 | ---D | M] -- C:\Users\jc\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/03/15 21:36:11 | 000,000,000 | ---D | M] -- C:\Users\jc\AppData\Roaming\The Creative Assembly
[2011/12/08 07:39:02 | 000,000,000 | ---D | M] -- C:\Users\jc\AppData\Roaming\Ubisoft
[2011/12/10 23:37:00 | 000,000,000 | ---D | M] -- C:\Users\jc\AppData\Roaming\uTorrent
[2011/08/07 22:12:17 | 000,000,000 | ---D | M] -- C:\Users\jc\AppData\Roaming\wargaming.net
[2011/04/14 18:12:22 | 000,000,000 | ---D | M] -- C:\Users\jc\AppData\Roaming\WebcamMax
[2011/08/21 17:48:27 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2011/10/13 00:00:23 | 050,492,066 | ---- | M] ()(C:\Users\jc\Desktop\osu!???????????? Sumidagawa Karenka[Extra].mp4) -- C:\Users\jc\Desktop\osu!ランク動画。隅田川夏恋歌 Sumidagawa Karenka[Extra].mp4
[2011/10/12 23:59:02 | 050,492,066 | ---- | C] ()(C:\Users\jc\Desktop\osu!???????????? Sumidagawa Karenka[Extra].mp4) -- C:\Users\jc\Desktop\osu!ランク動画。隅田川夏恋歌 Sumidagawa Karenka[Extra].mp4
[2011/09/08 13:15:56 | 035,829,923 | ---- | C] ()(C:\Users\jc\Desktop\???? [Love is War] Supercell Tribute Stowaways [HD].mp4) -- C:\Users\jc\Desktop\恋は戦争 [Love is War] Supercell Tribute Stowaways [HD].mp4
[2011/09/08 13:15:49 | 035,829,923 | ---- | M] ()(C:\Users\jc\Desktop\???? [Love is War] Supercell Tribute Stowaways [HD].mp4) -- C:\Users\jc\Desktop\恋は戦争 [Love is War] Supercell Tribute Stowaways [HD].mp4
[2011/08/18 04:32:28 | 021,974,307 | ---- | C] ()(C:\Users\jc\Desktop\[email protected]??'09???PV(??)?.mp4) -- C:\Users\jc\Desktop\【初音ミク】勝手なアニメ「恋スル[email protected]」【'09生誕祭PV(遅刻)】.mp4
[2011/08/18 04:32:23 | 021,974,307 | ---- | M] ()(C:\Users\jc\Desktop\[email protected]??'09???PV(??)?.mp4) -- C:\Users\jc\Desktop\【初音ミク】勝手なアニメ「恋スル[email protected]」【'09生誕祭PV(遅刻)】.mp4
[2011/08/05 04:55:16 | 000,239,500 | ---- | M] ()(C:\Users\jc\Desktop\????????.htm) -- C:\Users\jc\Desktop\無トドンメュキ題.htm
[2011/08/05 04:54:54 | 000,239,500 | ---- | C] ()(C:\Users\jc\Desktop\????????.htm) -- C:\Users\jc\Desktop\無トドンメュキ題.htm

========== Alternate Data Streams ==========

@Alternate Data Stream - 1379 bytes -> C:\ProgramData\Microsoft:lUjbdJbOYhuqrnL4RVptfX6i5
@Alternate Data Stream - 1304 bytes -> C:\ProgramData\Microsoft:jwoVSRO6wt6IHpgY4E6QwO4lucP
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:4184EE6F
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >

Attached Files

  • Attached File  OTL.Txt   108.24KB   38 downloads

Edited by Essexboy, 11 December 2011 - 07:26 AM.

  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi I see that you have a proxy set up via Hong Kong, are you aware of that and happy with it ?

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/12/10 23:43:02 | 000,001,178 | -HS- | M] () -- C:\Users\jc\AppData\Local\8e41tv0x82n235
    [2011/12/10 23:43:02 | 000,001,178 | -HS- | M] () -- C:\ProgramData\8e41tv0x82n235
    [2011/12/10 16:42:55 | 000,001,122 | -HS- | M] () -- C:\ProgramData\785717l4t046v007b072k0fkc2y2
    [2011/12/10 16:42:54 | 000,001,122 | -HS- | M] () -- C:\Users\jc\AppData\Local\785717l4t046v007b072k0fkc2y2
    [2011/11/25 14:26:48 | 000,000,440 | -H-- | M] () -- C:\ProgramData\jh2p9zIoBQ8oHl
    [2011/12/10 23:43:02 | 000,001,178 | -HS- | C] () -- C:\Users\jc\AppData\Local\8e41tv0x82n235
    [2011/12/10 23:43:02 | 000,001,178 | -HS- | C] () -- C:\ProgramData\8e41tv0x82n235
    [2011/12/10 16:42:54 | 000,001,122 | -HS- | C] () -- C:\Users\jc\AppData\Local\785717l4t046v007b072k0fkc2y2
    [2011/12/10 16:42:54 | 000,001,122 | -HS- | C] () -- C:\ProgramData\785717l4t046v007b072k0fkc2y2
    [2011/11/25 14:25:49 | 000,000,673 | ---- | C] () -- C:\Users\jc\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
    [2011/11/25 14:25:46 | 000,000,440 | -H-- | C] () -- C:\ProgramData\jh2p9zIoBQ8oHl
    @Alternate Data Stream - 1379 bytes -> C:\ProgramData\Microsoft:lUjbdJbOYhuqrnL4RVptfX6i5
    @Alternate Data Stream - 1304 bytes -> C:\ProgramData\Microsoft:jwoVSRO6wt6IHpgY4E6QwO4lucP

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image
  • 0

#3
MrJc

MrJc

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
One I would like to say thanks for the Quick reply to this and two would your rather have the files as attachment or in the message itself? I just want to know what is more convenient for you.
  • 0

#4
MrJc

MrJc

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
I ran OTL again and followed your directions here is what it said (im going to post the whole thing in here)

OTL

OTL logfile created on: 12/11/2011 8:21:53 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\jc\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

12.00 Gb Total Physical Memory | 10.37 Gb Available Physical Memory | 86.41% Memory free
23.99 Gb Paging File | 22.31 Gb Available in Paging File | 92.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 166.77 Gb Total Space | 77.69 Gb Free Space | 46.58% Space Free | Partition Type: NTFS
Drive D: | 19.53 Gb Total Space | 3.60 Gb Free Space | 18.43% Space Free | Partition Type: NTFS
Drive E: | 446.23 Gb Total Space | 150.47 Gb Free Space | 33.72% Space Free | Partition Type: NTFS
Drive H: | 1397.26 Gb Total Space | 21.92 Gb Free Space | 1.57% Space Free | Partition Type: NTFS
Drive J: | 931.49 Gb Total Space | 808.61 Gb Free Space | 86.81% Space Free | Partition Type: exFAT
Drive P: | 1397.26 Gb Total Space | 237.98 Gb Free Space | 17.03% Space Free | Partition Type: NTFS

Computer Name: JC-PC | User Name: jc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/11 01:05:08 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\jc\Desktop\OTL.exe
PRC - [2011/10/27 18:14:34 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/09/22 11:29:48 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/03/18 00:26:14 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
PRC - [2011/03/18 00:24:50 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- P:\Programfiles\ZoneAlarm\zlclient.exe
PRC - [2011/03/03 17:31:08 | 000,428,640 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/02/21 13:17:32 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\nlssrv32.exe
PRC - [2010/04/26 18:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/09/29 13:03:46 | 000,735,960 | ---- | M] (ESET) -- P:\Program Files\NIK\x86\ekrn.exe
PRC - [2009/03/29 22:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe


========== Modules (No Company Name) ==========

MOD - [2009/03/29 22:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/06/06 13:23:18 | 006,438,264 | ---- | M] (Wacom Technology, Corp.) [Disabled | Stopped] -- C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV:64bit: - [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/10/30 20:01:55 | 000,131,912 | ---- | M] (Desura Pty Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Desura\desura_service.exe -- (Desura Install Service)
SRV - [2011/10/27 18:14:34 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/09/22 14:41:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/09/22 11:29:48 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/03 17:57:24 | 000,403,240 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/04/06 14:29:10 | 004,060,984 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2011/03/18 00:26:14 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2011/03/03 17:31:08 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/02/21 13:17:32 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/09/29 13:11:14 | 000,023,296 | ---- | M] (ESET) [On_Demand | Stopped] -- P:\Program Files\NIK\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/09/29 13:03:46 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- P:\Program Files\NIK\x86\ekrn.exe -- (ekrn)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/07/07 15:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/06/11 04:33:38 | 000,310,728 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011/06/11 04:32:49 | 000,042,696 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011/04/29 02:11:22 | 000,060,928 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm) Virtual Audio Cable (WDM)
DRV:64bit: - [2011/03/22 00:42:44 | 000,871,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011/03/17 11:10:48 | 000,013,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2011/03/17 11:10:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2011/03/17 11:10:34 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2011/03/03 17:25:20 | 004,183,904 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech QuickCam Pro 9000(UVC)
DRV:64bit: - [2011/03/03 17:23:54 | 000,341,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/01/01 09:12:24 | 000,097,040 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 05:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 03:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 03:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/08/19 18:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2010/05/30 19:46:50 | 000,333,928 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/05/15 15:30:52 | 000,458,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2010/04/26 17:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/04/26 17:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/09/29 13:06:16 | 000,123,200 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2009/09/29 13:03:00 | 000,136,584 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2009/09/29 12:56:36 | 000,144,824 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamon.sys -- (eamon)
DRV:64bit: - [2009/07/15 19:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/01/01 19:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 64 25 29 39 09 89 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 113.254.193.230:9415

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\Windows\system32\npOGPPlugin.dll (OGPlanet)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\jc\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\jc\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/25 14:52:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/25 14:52:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: P:\Program Files\NIK\Mozilla Thunderbird [2011/11/25 18:27:33 | 000,000,000 | ---D | M]

[2011/02/24 20:19:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jc\AppData\Roaming\Mozilla\Extensions
[2011/02/24 20:19:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jc\AppData\Roaming\Mozilla\Firefox\Profiles\4eiuennm.default\extensions
[2011/11/25 15:37:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jc\AppData\Roaming\Mozilla\Firefox\Profiles\e7na2145.default\extensions
[2011/08/22 23:00:19 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\jc\AppData\Roaming\Mozilla\Firefox\Profiles\e7na2145.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2011/08/04 01:08:46 | 000,000,000 | ---D | M] ("BabelFish") -- C:\Users\jc\AppData\Roaming\Mozilla\Firefox\Profiles\e7na2145.default\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf}
[2011/11/10 00:30:01 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/11/10 00:29:46 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/02/24 21:26:48 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/22 10:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011/10/03 12:51:45 | 000,002,252 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/10 00:29:46 | 000,002,040 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\jc\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\jc\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\jc\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: BYOND stub plugin for Mozilla (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npbyond.dll
CHR - plugin: ijji Auto Install Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Google Update (Enabled) = C:\Users\jc\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AT_HatsuneMiku = C:\Users\jc\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcacbggjcnkdgchjnekppjkkkhlijkdd\2_0\

O1 HOSTS File: ([2011/12/11 08:14:04 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O3:64bit: - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O4:64bit: - HKLM..\Run: [Classic Start Menu] C:\Program Files\Classic Shell\ClassicStartMenu.exe (IvoSoft)
O4:64bit: - HKLM..\Run: [egui] P:\Program Files\NIK\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [QuickTime Task] P:\Programfiles\Ava\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] P:\Programfiles\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\jc\AppData\Local\Akamai\netsession_win.exe File not found
O4 - HKCU..\Run: [Steam] E:\Program Files\Steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: facebook.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: youtube.com ([www] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1 64.233.207.8 64.233.207.9
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{55B1A3CF-C723-4B16-890C-268BBFF77D8E}: DhcpNameServer = 192.168.2.1 192.168.2.1 64.233.207.8 64.233.207.9
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B264A2B6-E054-4F7E-A1F2-6952CFF329DA}: DhcpNameServer = 192.168.2.1 192.168.2.1 64.233.207.8 64.233.207.9
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/15 15:49:12 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/01/20 18:47:35 | 000,000,000 | R--D | M] - H:\autorun -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/11 08:14:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/11 08:13:09 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\jc\Desktop\aswMBR.exe
[2011/12/11 01:04:57 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\jc\Desktop\OTL.exe
[2011/12/10 23:52:01 | 000,000,000 | ---D | C] -- C:\Users\jc\AppData\Roaming\Malwarebytes
[2011/12/10 23:51:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/10 23:51:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/10 23:51:12 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/12/10 23:51:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/12/10 23:50:50 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\jc\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/10 23:24:19 | 002,562,040 | ---- | C] (Symantec Corporation) -- C:\Users\jc\Desktop\anti virus.exe
[2011/12/10 23:23:18 | 000,000,000 | ---D | C] -- C:\Users\jc\AppData\Local\NPE
[2011/12/10 23:23:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/12/10 06:08:08 | 000,000,000 | ---D | C] -- C:\Users\jc\Desktop\New folder (5)
[2011/12/08 08:53:30 | 000,000,000 | ---D | C] -- C:\Users\jc\Documents\Guild Wars
[2011/12/08 08:53:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Media Center Programs
[2011/12/08 08:19:39 | 000,000,000 | ---D | C] -- C:\Users\jc\Documents\ANNO 2070
[2011/12/08 07:39:02 | 000,000,000 | ---D | C] -- C:\Users\jc\AppData\Roaming\Ubisoft
[2011/12/08 07:38:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2011/12/06 19:19:58 | 000,000,000 | ---D | C] -- C:\Users\jc\Desktop\[TheWorld]AlphaClient
[2011/12/05 13:35:03 | 000,000,000 | ---D | C] -- C:\Users\jc\Documents\OpenTTD
[2011/12/05 13:32:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenTTD
[2011/12/05 13:26:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MicroProse
[2011/12/05 13:25:32 | 000,000,000 | ---D | C] -- C:\Users\jc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microprose
[2011/12/05 13:18:35 | 000,000,000 | ---D | C] -- C:\Users\jc\Desktop\TT_deluxe
[2011/12/05 13:15:19 | 000,000,000 | ---D | C] -- C:\Users\jc\Desktop\New folder (4)
[2011/12/03 12:06:52 | 000,000,000 | ---D | C] -- C:\Users\jc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OGPlanet
[2011/12/02 16:52:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MicroVolts
[2011/12/02 16:40:12 | 802,461,008 | ---- | C] (RockHippo Productions Ltd. ) -- C:\Users\jc\Desktop\MicroVolts_0.8.7.12_ENG.exe
[2011/11/28 19:49:47 | 000,000,000 | ---D | C] -- C:\Users\jc\Documents\Game
[2011/11/28 19:44:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2011/11/27 11:05:54 | 000,000,000 | ---D | C] -- C:\Users\jc\Documents\Cities In Motion
[2011/11/26 04:53:57 | 000,000,000 | ---D | C] -- C:\Users\jc\Desktop\ant
[2011/11/25 19:07:01 | 000,000,000 | ---D | C] -- C:\Users\jc\AppData\Local\ESET
[2011/11/25 18:27:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2011/11/25 18:27:33 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2011/11/25 18:18:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2011/11/25 18:18:27 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/11/23 13:15:00 | 000,000,000 | ---D | C] -- C:\Users\jc\Desktop\New folder (3)
[2011/11/19 06:37:57 | 000,000,000 | ---D | C] -- C:\Users\jc\Desktop\tp
[2011/11/17 01:13:39 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrisOnline
[2011/11/12 21:15:15 | 000,000,000 | ---D | C] -- C:\Users\jc\AppData\Local\Skyrim
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/11 08:22:20 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2135341396-832709877-624523004-1000UA.job
[2011/12/11 08:19:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/11 08:19:06 | 1072,308,222 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/11 08:14:04 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/12/11 08:13:14 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\jc\Desktop\aswMBR.exe
[2011/12/11 07:38:17 | 000,001,447 | ---- | M] () -- C:\Users\jc\Desktop\[Mazui-Zero] Ookami-san to Shichinin no Nakamatachi 01-12 END [BATCH] - Shortcut.lnk
[2011/12/11 03:34:46 | 000,000,844 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2135341396-832709877-624523004-1000Core.job
[2011/12/11 01:05:50 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/11 01:05:50 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/11 01:05:08 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\jc\Desktop\OTL.exe
[2011/12/10 23:51:16 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/10 23:51:03 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\jc\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/10 23:24:19 | 002,562,040 | ---- | M] (Symantec Corporation) -- C:\Users\jc\Desktop\anti virus.exe
[2011/12/10 01:17:28 | 000,014,640 | ---- | M] () -- C:\Users\jc\Desktop\[ANE] Shinryaku! Ika Musume [BDRip 720p x264 FLAC] - Shortcut.lnk
[2011/12/10 01:07:39 | 000,016,285 | ---- | M] () -- C:\Users\jc\Desktop\Nogizaka Haruka no Himitsu - Purezza (2009) [Doki][1920x1080 h264 BD AAC] - Shortcut.lnk
[2011/12/10 01:07:37 | 000,015,944 | ---- | M] () -- C:\Users\jc\Desktop\[AQS-Anime] Nogizaka Haruka no Himitsu 1-12 (XviD) - Shortcut.lnk
[2011/12/10 00:06:58 | 000,001,159 | ---- | M] () -- C:\Users\jc\Desktop\[Steins;Sub]_Steins;Gate_Batch_[720p] - Shortcut.lnk
[2011/12/09 19:50:52 | 000,012,936 | ---- | M] () -- C:\Users\jc\Desktop\[ANE] Ore no Imouto ga Konna ni Kawaii Wake ga Nai [BDRip 720p x264 Hi10p Vorbis] - Shortcut.lnk
[2011/12/09 19:42:35 | 000,012,413 | ---- | M] () -- C:\Users\jc\Desktop\Astarotte no Omocha! [Underwater-Commie] - Shortcut.lnk
[2011/12/09 00:14:41 | 000,056,588 | ---- | M] () -- C:\Users\jc\Desktop\me 2009.jpg
[2011/12/08 21:32:46 | 000,000,974 | ---- | M] () -- C:\Users\jc\Desktop\Outlaw Star OSTs - Shortcut.lnk
[2011/12/08 09:50:07 | 000,000,634 | ---- | M] () -- C:\Users\jc\Desktop\Anno5 - Shortcut.lnk
[2011/12/08 05:51:19 | 000,014,071 | ---- | M] () -- C:\Users\jc\Desktop\[Hiryuu-HiNA] Dog Days - Shortcut.lnk
[2011/12/08 02:25:02 | 000,012,398 | ---- | M] () -- C:\Users\jc\Desktop\[Coalgirls] Seitokai Yakuindomo - Shortcut.lnk
[2011/12/08 02:12:32 | 578,510,543 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/12/06 16:52:40 | 111,992,377 | ---- | M] () -- C:\Users\jc\Desktop\[TheWorld]AlphaClient.zip
[2011/12/06 16:33:50 | 000,014,447 | ---- | M] () -- C:\Users\jc\Desktop\[Ryuumaru] Omamori Himari (DVD) - Shortcut.lnk
[2011/12/06 15:39:59 | 000,014,170 | ---- | M] () -- C:\Users\jc\Desktop\To LOVE-Ru - Trouble OVA - Shortcut.lnk
[2011/12/06 15:39:57 | 000,014,211 | ---- | M] () -- C:\Users\jc\Desktop\To Love-Ru [Exiled Destiny] - Shortcut.lnk
[2011/12/06 15:39:52 | 000,014,710 | ---- | M] () -- C:\Users\jc\Desktop\Motto To LOVE-Ru (2010) [Doki-Chihiro][1280x720 h264 BD AAC] - Shortcut.lnk
[2011/12/06 15:38:37 | 000,012,624 | ---- | M] () -- C:\Users\jc\Desktop\[Kira-Fansub]_MM!_Complete+Extras_(BD_1920x1080_h264_AAC) - Shortcut.lnk
[2011/12/06 01:08:02 | 000,001,573 | ---- | M] () -- C:\Users\jc\Desktop\[KiteSeekers-Wasurenai] Tantei Opera Milky Holmes [1280x720 H264 OGG] 01-12 [Batch] - Shortcut.lnk
[2011/12/06 00:52:17 | 000,001,226 | ---- | M] () -- C:\Users\jc\Desktop\Denpa Onna to Seishun Otoko Music Collection - Shortcut.lnk
[2011/12/05 20:27:57 | 000,001,244 | ---- | M] () -- C:\Users\jc\Desktop\[Chihiro]_Sora_no_Woto_[1280x720_Blu-Ray_FLAC] - Shortcut.lnk
[2011/12/05 17:11:50 | 000,001,046 | ---- | M] () -- C:\Users\jc\Desktop\[Chihiro] Kamisama Dolls - Shortcut.lnk
[2011/12/05 14:12:18 | 000,001,198 | ---- | M] () -- C:\Users\jc\Desktop\openttd - Shortcut.lnk
[2011/12/05 13:32:26 | 000,000,779 | ---- | M] () -- C:\Users\Public\Desktop\OpenTTD.lnk
[2011/12/05 13:18:24 | 007,736,947 | ---- | M] () -- C:\Users\jc\Desktop\transport-tycoon-deluxe.zip
[2011/12/05 13:15:05 | 015,563,634 | ---- | M] () -- C:\Users\jc\Desktop\ttd-win.zip
[2011/12/05 00:39:11 | 000,001,015 | ---- | M] () -- C:\Users\jc\Desktop\Higurashi Soundtracks - Shortcut.lnk
[2011/12/04 22:25:57 | 000,000,862 | ---- | M] () -- C:\Users\jc\Desktop\11 Tenko's Theme B - Shortcut.lnk
[2011/12/04 20:31:40 | 000,012,078 | ---- | M] () -- C:\Users\jc\Desktop\Kamisama Kazoku - Shortcut.lnk
[2011/12/04 17:31:48 | 000,012,278 | ---- | M] () -- C:\Users\jc\Desktop\[Chihiro]_Akikan_[h264] - Shortcut.lnk
[2011/12/03 18:32:55 | 000,001,141 | ---- | M] () -- C:\Users\jc\Desktop\[polished] Sora no Otoshimono (DVD) - Shortcut.lnk
[2011/12/03 18:20:29 | 000,013,762 | ---- | M] () -- C:\Users\jc\Desktop\[tlacatlc6] Sora no Otoshimono OVA (BD 1920x1080 x264 FLAC) - Shortcut.lnk
[2011/12/03 18:19:44 | 000,001,213 | ---- | M] () -- C:\Users\jc\Desktop\[SubDesu] Sora no Otoshimono Forte BD 1080p - Shortcut.lnk
[2011/12/03 18:19:29 | 000,001,280 | ---- | M] () -- C:\Users\jc\Desktop\[Kira-Fansub] Uchuu no Stellvia (BD H264 1280x960) - Shortcut.lnk
[2011/12/03 17:58:51 | 000,001,015 | ---- | M] () -- C:\Users\jc\Desktop\raimuiro senkitan ova - Shortcut.lnk
[2011/12/03 17:58:13 | 000,001,159 | ---- | M] () -- C:\Users\jc\Desktop\[ReDone] Lime-Colored War Tales (DVD) - Shortcut.lnk
[2011/12/03 12:52:44 | 000,001,167 | ---- | M] () -- C:\Users\jc\Desktop\OGPlanet Launcher.lnk
[2011/12/02 17:27:47 | 000,002,379 | ---- | M] () -- C:\Users\jc\Desktop\Google Chrome.lnk
[2011/12/02 16:52:01 | 000,000,702 | ---- | M] () -- C:\Users\jc\Desktop\MicroVolts.lnk
[2011/12/02 16:50:20 | 802,461,008 | ---- | M] (RockHippo Productions Ltd. ) -- C:\Users\jc\Desktop\MicroVolts_0.8.7.12_ENG.exe
[2011/12/01 23:12:24 | 000,045,841 | ---- | M] () -- C:\Users\jc\Desktop\lucky.jpg
[2011/12/01 16:50:00 | 000,001,051 | ---- | M] () -- C:\Users\jc\Desktop\YuruYuri Music Collection - Shortcut.lnk
[2011/12/01 15:41:28 | 000,013,176 | ---- | M] () -- C:\Users\jc\Desktop\01 Kizuite Zombie-sama, Watashi ha Classmate desu - Shortcut.lnk
[2011/12/01 15:40:39 | 000,001,555 | ---- | M] () -- C:\Users\jc\Desktop\[Kira-Fansub]_Choujuushin_Gravion_Zwei_Complete_(BD 1280x960 h264 JP AAC EN AAC) - Shortcut.lnk
[2011/11/30 23:45:26 | 000,058,574 | ---- | M] () -- C:\Users\jc\Desktop\recruitment1.jpg
[2011/11/30 23:41:29 | 000,083,077 | ---- | M] () -- C:\Users\jc\Desktop\recruitment.jpg
[2011/11/28 19:42:23 | 955,779,400 | ---- | M] () -- C:\Users\jc\Desktop\RKClient.exe
[2011/11/26 10:27:50 | 000,014,756 | ---- | M] () -- C:\Users\jc\Desktop\[Oyasumi]_Welcome_to_the_NHK! - Shortcut.lnk
[2011/11/26 10:26:55 | 000,012,338 | ---- | M] () -- C:\Users\jc\Desktop\[Carbon]Seitokai no Ichizon - Shortcut.lnk
[2011/11/26 10:05:12 | 000,000,943 | ---- | M] () -- C:\Users\jc\Desktop\Kaibutsu Oujo - Shortcut.lnk
[2011/11/26 05:14:47 | 000,001,115 | ---- | M] () -- C:\Users\jc\Desktop\patcher_s4 - Shortcut.lnk
[2011/11/23 13:04:03 | 000,042,649 | ---- | M] () -- C:\Users\jc\Desktop\TooManyItems2011_11_18.zip
[2011/11/20 00:15:33 | 000,924,070 | ---- | M] () -- C:\Users\jc\Desktop\youtube.png
[2011/11/15 14:15:27 | 093,007,246 | ---- | M] () -- C:\Users\jc\Desktop\Reconquista.rar
[2011/11/15 12:29:00 | 000,000,017 | ---- | M] () -- C:\Users\jc\AppData\Local\resmon.resmoncfg
[2011/11/13 12:33:49 | 000,013,302 | ---- | M] () -- C:\Users\jc\Desktop\Seto no Hanayome - Shortcut.lnk
[2011/11/12 20:53:57 | 000,004,096 | ---- | M] () -- C:\Windows\d3dx.dat
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/11 07:38:17 | 000,001,447 | ---- | C] () -- C:\Users\jc\Desktop\[Mazui-Zero] Ookami-san to Shichinin no Nakamatachi 01-12 END [BATCH] - Shortcut.lnk
[2011/12/10 23:51:16 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/10 01:17:28 | 000,014,640 | ---- | C] () -- C:\Users\jc\Desktop\[ANE] Shinryaku! Ika Musume [BDRip 720p x264 FLAC] - Shortcut.lnk
[2011/12/10 01:07:39 | 000,016,285 | ---- | C] () -- C:\Users\jc\Desktop\Nogizaka Haruka no Himitsu - Purezza (2009) [Doki][1920x1080 h264 BD AAC] - Shortcut.lnk
[2011/12/10 01:07:37 | 000,015,944 | ---- | C] () -- C:\Users\jc\Desktop\[AQS-Anime] Nogizaka Haruka no Himitsu 1-12 (XviD) - Shortcut.lnk
[2011/12/10 00:06:58 | 000,001,159 | ---- | C] () -- C:\Users\jc\Desktop\[Steins;Sub]_Steins;Gate_Batch_[720p] - Shortcut.lnk
[2011/12/09 19:50:52 | 000,012,936 | ---- | C] () -- C:\Users\jc\Desktop\[ANE] Ore no Imouto ga Konna ni Kawaii Wake ga Nai [BDRip 720p x264 Hi10p Vorbis] - Shortcut.lnk
[2011/12/09 19:42:35 | 000,012,413 | ---- | C] () -- C:\Users\jc\Desktop\Astarotte no Omocha! [Underwater-Commie] - Shortcut.lnk
[2011/12/09 00:18:16 | 000,056,588 | ---- | C] () -- C:\Users\jc\Desktop\me 2009.jpg
[2011/12/08 21:32:46 | 000,000,974 | ---- | C] () -- C:\Users\jc\Desktop\Outlaw Star OSTs - Shortcut.lnk
[2011/12/08 09:50:07 | 000,000,634 | ---- | C] () -- C:\Users\jc\Desktop\Anno5 - Shortcut.lnk
[2011/12/08 05:51:19 | 000,014,071 | ---- | C] () -- C:\Users\jc\Desktop\[Hiryuu-HiNA] Dog Days - Shortcut.lnk
[2011/12/08 02:25:02 | 000,012,398 | ---- | C] () -- C:\Users\jc\Desktop\[Coalgirls] Seitokai Yakuindomo - Shortcut.lnk
[2011/12/06 16:51:28 | 111,992,377 | ---- | C] () -- C:\Users\jc\Desktop\[TheWorld]AlphaClient.zip
[2011/12/06 16:33:50 | 000,014,447 | ---- | C] () -- C:\Users\jc\Desktop\[Ryuumaru] Omamori Himari (DVD) - Shortcut.lnk
[2011/12/06 15:39:59 | 000,014,170 | ---- | C] () -- C:\Users\jc\Desktop\To LOVE-Ru - Trouble OVA - Shortcut.lnk
[2011/12/06 15:39:57 | 000,014,211 | ---- | C] () -- C:\Users\jc\Desktop\To Love-Ru [Exiled Destiny] - Shortcut.lnk
[2011/12/06 15:39:52 | 000,014,710 | ---- | C] () -- C:\Users\jc\Desktop\Motto To LOVE-Ru (2010) [Doki-Chihiro][1280x720 h264 BD AAC] - Shortcut.lnk
[2011/12/06 15:38:37 | 000,012,624 | ---- | C] () -- C:\Users\jc\Desktop\[Kira-Fansub]_MM!_Complete+Extras_(BD_1920x1080_h264_AAC) - Shortcut.lnk
[2011/12/06 01:08:02 | 000,001,573 | ---- | C] () -- C:\Users\jc\Desktop\[KiteSeekers-Wasurenai] Tantei Opera Milky Holmes [1280x720 H264 OGG] 01-12 [Batch] - Shortcut.lnk
[2011/12/06 00:51:55 | 000,001,226 | ---- | C] () -- C:\Users\jc\Desktop\Denpa Onna to Seishun Otoko Music Collection - Shortcut.lnk
[2011/12/05 20:27:57 | 000,001,244 | ---- | C] () -- C:\Users\jc\Desktop\[Chihiro]_Sora_no_Woto_[1280x720_Blu-Ray_FLAC] - Shortcut.lnk
[2011/12/05 17:11:50 | 000,001,046 | ---- | C] () -- C:\Users\jc\Desktop\[Chihiro] Kamisama Dolls - Shortcut.lnk
[2011/12/05 14:12:20 | 000,001,198 | ---- | C] () -- C:\Users\jc\Desktop\openttd - Shortcut.lnk
[2011/12/05 13:32:26 | 000,000,779 | ---- | C] () -- C:\Users\Public\Desktop\OpenTTD.lnk
[2011/12/05 13:25:32 | 000,024,576 | ---- | C] () -- C:\Windows\UniFISH.exe
[2011/12/05 13:16:00 | 007,736,947 | ---- | C] () -- C:\Users\jc\Desktop\transport-tycoon-deluxe.zip
[2011/12/05 13:14:06 | 015,563,634 | ---- | C] () -- C:\Users\jc\Desktop\ttd-win.zip
[2011/12/05 00:39:11 | 000,001,015 | ---- | C] () -- C:\Users\jc\Desktop\Higurashi Soundtracks - Shortcut.lnk
[2011/12/04 22:25:57 | 000,000,862 | ---- | C] () -- C:\Users\jc\Desktop\11 Tenko's Theme B - Shortcut.lnk
[2011/12/04 20:31:40 | 000,012,078 | ---- | C] () -- C:\Users\jc\Desktop\Kamisama Kazoku - Shortcut.lnk
[2011/12/04 17:31:48 | 000,012,278 | ---- | C] () -- C:\Users\jc\Desktop\[Chihiro]_Akikan_[h264] - Shortcut.lnk
[2011/12/03 18:32:55 | 000,001,141 | ---- | C] () -- C:\Users\jc\Desktop\[polished] Sora no Otoshimono (DVD) - Shortcut.lnk
[2011/12/03 18:20:29 | 000,013,762 | ---- | C] () -- C:\Users\jc\Desktop\[tlacatlc6] Sora no Otoshimono OVA (BD 1920x1080 x264 FLAC) - Shortcut.lnk
[2011/12/03 18:19:44 | 000,001,213 | ---- | C] () -- C:\Users\jc\Desktop\[SubDesu] Sora no Otoshimono Forte BD 1080p - Shortcut.lnk
[2011/12/03 18:19:29 | 000,001,280 | ---- | C] () -- C:\Users\jc\Desktop\[Kira-Fansub] Uchuu no Stellvia (BD H264 1280x960) - Shortcut.lnk
[2011/12/03 17:58:51 | 000,001,015 | ---- | C] () -- C:\Users\jc\Desktop\raimuiro senkitan ova - Shortcut.lnk
[2011/12/03 17:58:13 | 000,001,159 | ---- | C] () -- C:\Users\jc\Desktop\[ReDone] Lime-Colored War Tales (DVD) - Shortcut.lnk
[2011/12/03 12:06:52 | 000,001,167 | ---- | C] () -- C:\Users\jc\Desktop\OGPlanet Launcher.lnk
[2011/12/02 16:52:01 | 000,000,702 | ---- | C] () -- C:\Users\jc\Desktop\MicroVolts.lnk
[2011/12/01 23:13:43 | 000,045,841 | ---- | C] () -- C:\Users\jc\Desktop\lucky.jpg
[2011/12/01 22:55:48 | 000,098,696 | ---- | C] () -- C:\Users\jc\Desktop\kidnap.jpg
[2011/12/01 16:50:00 | 000,001,051 | ---- | C] () -- C:\Users\jc\Desktop\YuruYuri Music Collection - Shortcut.lnk
[2011/12/01 15:41:28 | 000,013,176 | ---- | C] () -- C:\Users\jc\Desktop\01 Kizuite Zombie-sama, Watashi ha Classmate desu - Shortcut.lnk
[2011/12/01 15:40:39 | 000,001,555 | ---- | C] () -- C:\Users\jc\Desktop\[Kira-Fansub]_Choujuushin_Gravion_Zwei_Complete_(BD 1280x960 h264 JP AAC EN AAC) - Shortcut.lnk
[2011/11/30 23:45:57 | 000,058,574 | ---- | C] () -- C:\Users\jc\Desktop\recruitment1.jpg
[2011/11/30 23:41:45 | 000,083,077 | ---- | C] () -- C:\Users\jc\Desktop\recruitment.jpg
[2011/11/28 19:20:56 | 955,779,400 | ---- | C] () -- C:\Users\jc\Desktop\RKClient.exe
[2011/11/26 10:27:50 | 000,014,756 | ---- | C] () -- C:\Users\jc\Desktop\[Oyasumi]_Welcome_to_the_NHK! - Shortcut.lnk
[2011/11/26 10:26:55 | 000,012,338 | ---- | C] () -- C:\Users\jc\Desktop\[Carbon]Seitokai no Ichizon - Shortcut.lnk
[2011/11/26 10:05:12 | 000,000,943 | ---- | C] () -- C:\Users\jc\Desktop\Kaibutsu Oujo - Shortcut.lnk
[2011/11/26 05:14:47 | 000,001,115 | ---- | C] () -- C:\Users\jc\Desktop\patcher_s4 - Shortcut.lnk
[2011/11/23 13:04:00 | 000,042,649 | ---- | C] () -- C:\Users\jc\Desktop\TooManyItems2011_11_18.zip
[2011/11/20 00:15:33 | 000,924,070 | ---- | C] () -- C:\Users\jc\Desktop\youtube.png
[2011/11/15 14:14:24 | 093,007,246 | ---- | C] () -- C:\Users\jc\Desktop\Reconquista.rar
[2011/11/15 12:29:00 | 000,000,017 | ---- | C] () -- C:\Users\jc\AppData\Local\resmon.resmoncfg
[2011/11/13 12:33:49 | 000,013,302 | ---- | C] () -- C:\Users\jc\Desktop\Seto no Hanayome - Shortcut.lnk
[2011/11/12 20:53:57 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011/09/22 11:29:58 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/08/28 00:06:09 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2011/08/26 17:11:44 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2011/08/04 18:47:02 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2011/05/31 17:02:18 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011/05/12 21:41:51 | 000,000,132 | ---- | C] () -- C:\Users\jc\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/05/07 18:47:41 | 000,794,906 | ---- | C] () -- C:\Windows\unins000.exe
[2011/05/07 18:47:41 | 000,004,145 | ---- | C] () -- C:\Windows\unins000.dat
[2011/05/03 18:23:58 | 002,287,998 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/14 20:07:11 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/04/03 20:03:10 | 001,269,745 | ---- | C] () -- C:\Users\jc\AppData\Roaming\minecraft-1.4.jar
[2011/03/19 21:24:36 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/03/19 21:24:31 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2011/03/19 21:24:31 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/03/15 09:06:08 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/03/15 09:06:02 | 000,032,217 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011/03/03 17:26:22 | 010,877,272 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011/03/03 17:26:22 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/03/03 17:26:16 | 000,331,608 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2011/02/21 13:17:34 | 000,316,928 | ---- | C] () -- C:\Windows\SysWow64\SilverEfexPro2FC32.dll
[2009/07/13 21:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 18:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 18:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 16:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/02 04:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2009/03/29 22:32:40 | 000,032,768 | R--- | C] () -- C:\Windows\DAODx.exe

========== LOP Check ==========

[2011/11/25 14:53:27 | 000,000,000 | ---D | M] -- C:\Users\jc\AppData\Roaming\.minecraft
[2011/06/03 03:32:21 | 000,000,000 | ---D | M] -- C:\Users\jc\AppData\Roaming\.Nitrous
[2011/11/29 14:35:25 | 000,000,000 | ---D | M] -- C:\Users\jc\AppData\Roaming\.purple
[2011/07/11 00:24:29 | 000,000,000 | ---D | M] -- C:\Users\jc\AppData\Roaming\0ad
[2011/03/19 22:01:42 | 000,000,000 | ---D | M] -- C:\Users\jc\AppData\Roaming\Atari
[2011/04/05 15:23:13 | 000,000,000 | ---D | M] -- C:\Users\jc\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/03/22 00:52:08 | 000,000,000 | ---D | M] -- C:\Users\jc\AppData\Roaming\DAEMON Tools Lite
[2011/03/31 19:02:23 | 000,000,000 | ---D | M] -- C:\Users\jc\AppData\Roaming\Downloaded Installations
[2011/04/05 16:01:44 | 000,000,000 | ---D | M] -- C:\Users\jc\AppData\Roaming\DriverCure
[2011/05/07 18:48:44 | 000,000,000 | ---D | M] -- C:\Users\jc\AppData\Roaming\FFSJ
[2011/08/22 03:15:05 | 000,000,000 | ---D | M] -- C:\Users\jc\AppData\Roaming\Firefly Studios
[2011/03/30 22:26:56 | 000,000,000 | ---D | M] -- C:\Users\jc\AppData\Roaming\Foxit Software
[2011/04/05 16:03:25 | 000,000,000 | ---D | M] -- C:\Users\jc\AppData\Roaming\GeoSetter
[2011/10/05 01:11:08 | 000,000,000 | ---D | M] -- C:\Users\jc\AppData\Roaming\gtk-2.0
[2011/09/29 13:55:13 | 000,000,000 | ---D | M] -- C:\Users\jc\AppData\Roaming\JoyChina
[2011/09/03 08:58:56 | 000,000,000 | ---D | M] -- C:\Users\jc\AppData\Roaming\Kalypso Media
[2011/04/14 22:58:46 | 000,000,000 | ---D | M] -- C:\Users\jc\AppData\Roaming\Leadertech
[2011/05/07 14:48:43 | 000,000,000 | ---D | M] -- C:\Users\jc\AppData\Roaming\MotioninJoy
[2011/10/23 18:27:36 | 000,000,000 | ---D | M] -- C:\Users\jc\AppData\Roaming\Mumble
[2011/04/18 01:40:47 | 000,000,000 | ---D | M] -- C:\Users\jc\AppData\Roaming\OpenOffice.org
[2011/10/26 00:43:38 | 000,000,000 | ---D | M] -- C:\Users\jc\AppData\Roaming\Origin
[2011/08/28 00:06:09 | 000,000,000 | ---D | M] -- C:\Users\jc\AppData\Roaming\PACE Anti-Piracy
[2011/11/24 21:45:58 | 000,000,000 | ---D | M] -- C:\Users\jc\AppData\Roaming\PTGui
[2011/09/22 22:44:17 | 000,000,000 | ---D | M] -- C:\Users\jc\AppData\Roaming\Publish Providers
[2011/11/07 16:14:13 | 000,000,000 | ---D | M] -- C:\Users\jc\AppData\Roaming\Sony
[2011/04/05 16:22:32 | 000,000,000 | ---D | M] -- C:\Users\jc\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/03/15 21:36:11 | 000,000,000 | ---D | M] -- C:\Users\jc\AppData\Roaming\The Creative Assembly
[2011/12/08 07:39:02 | 000,000,000 | ---D | M] -- C:\Users\jc\AppData\Roaming\Ubisoft
[2011/12/11 08:12:10 | 000,000,000 | ---D | M] -- C:\Users\jc\AppData\Roaming\uTorrent
[2011/08/07 22:12:17 | 000,000,000 | ---D | M] -- C:\Users\jc\AppData\Roaming\wargaming.net
[2011/04/14 18:12:22 | 000,000,000 | ---D | M] -- C:\Users\jc\AppData\Roaming\WebcamMax
[2011/08/21 17:48:27 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2011/10/13 00:00:23 | 050,492,066 | ---- | M] ()(C:\Users\jc\Desktop\osu!???????????? Sumidagawa Karenka[Extra].mp4) -- C:\Users\jc\Desktop\osu!ランク動画。隅田川夏恋歌 Sumidagawa Karenka[Extra].mp4
[2011/10/12 23:59:02 | 050,492,066 | ---- | C] ()(C:\Users\jc\Desktop\osu!???????????? Sumidagawa Karenka[Extra].mp4) -- C:\Users\jc\Desktop\osu!ランク動画。隅田川夏恋歌 Sumidagawa Karenka[Extra].mp4
[2011/09/08 13:15:56 | 035,829,923 | ---- | C] ()(C:\Users\jc\Desktop\???? [Love is War] Supercell Tribute Stowaways [HD].mp4) -- C:\Users\jc\Desktop\恋は戦争 [Love is War] Supercell Tribute Stowaways [HD].mp4
[2011/09/08 13:15:49 | 035,829,923 | ---- | M] ()(C:\Users\jc\Desktop\???? [Love is War] Supercell Tribute Stowaways [HD].mp4) -- C:\Users\jc\Desktop\恋は戦争 [Love is War] Supercell Tribute Stowaways [HD].mp4
[2011/08/18 04:32:28 | 021,974,307 | ---- | C] ()(C:\Users\jc\Desktop\[email protected]??'09???PV(??)?.mp4) -- C:\Users\jc\Desktop\【初音ミク】勝手なアニメ「恋スル[email protected]」【'09生誕祭PV(遅刻)】.mp4
[2011/08/18 04:32:23 | 021,974,307 | ---- | M] ()(C:\Users\jc\Desktop\[email protected]??'09???PV(??)?.mp4) -- C:\Users\jc\Desktop\【初音ミク】勝手なアニメ「恋スル[email protected]」【'09生誕祭PV(遅刻)】.mp4
[2011/08/05 04:55:16 | 000,239,500 | ---- | M] ()(C:\Users\jc\Desktop\????????.htm) -- C:\Users\jc\Desktop\無トドンメュキ題.htm
[2011/08/05 04:54:54 | 000,239,500 | ---- | C] ()(C:\Users\jc\Desktop\????????.htm) -- C:\Users\jc\Desktop\無トドンメュキ題.htm

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:4184EE6F
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >




Here is the text file for aswMBR



aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-11 08:28:37
-----------------------------
08:28:37.564 OS Version: Windows x64 6.1.7601 Service Pack 1
08:28:37.564 Number of processors: 3 586 0x402
08:28:37.564 ComputerName: JC-PC UserName: jc
08:28:40.478 Initialize success
08:28:57.946 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
08:28:57.950 Disk 0 Vendor: ST31500341AS CC1H Size: 1430799MB BusType: 3
08:28:57.954 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-4
08:28:57.958 Disk 1 Vendor: ST3500630AS 3.AAK Size: 476940MB BusType: 3
08:28:57.964 Disk 2 (boot) \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP3T0L0-3
08:28:57.969 Disk 2 Vendor: ST3200822AS 3.02 Size: 190782MB BusType: 3
08:28:57.986 Disk 2 MBR read successfully
08:28:57.988 Disk 2 MBR scan
08:28:57.990 Disk 2 [email protected] code has been found
08:28:57.993 Disk 2 MBR [TDL4] **ROOTKIT**
08:28:57.996 Service scanning
08:29:06.246 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
08:29:06.413 Service Vsdatant C:\Windows\system32\DRIVERS\vsdatant.sys **LOCKED** 32
08:29:06.997 Modules scanning
08:29:07.008 Disk 2 trace - called modules:
08:29:07.026 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8009a2f2c0]<<
08:29:07.038 1 nt!IofCallDriver -> \Device\Harddisk2\DR2[0xfffffa800ab0f790]
08:29:07.043 3 CLASSPNP.SYS[fffff8800185a43f] -> nt!IofCallDriver -> [0xfffffa800a8ef520]
08:29:07.048 5 ACPI.sys[fffff88000c0b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-3[0xfffffa800a88a060]
08:29:07.052 \Driver\atapi[0xfffffa8009b66b90] -> IRP_MJ_CREATE -> 0xfffffa8009a2f2c0
08:29:07.057 Scan finished successfully
08:29:40.439 Disk 2 MBR has been saved successfully to "C:\Users\jc\Desktop\MBR.dat"
08:29:40.442 The log file has been saved successfully to "C:\Users\jc\Desktop\aswMBR.txt"
  • 0

#5
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Pasting makes it easier for me to read :)

Could I re-ask you about the Hong Kong proxy, did you set it ?

Re-Run aswMBR

Click Scan

On completion of the scanClick the Fix Button

Posted Image

Save the log as before and post in your next reply
  • 0

#6
MrJc

MrJc

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
HI again the Hong Kong proxy was set by me it was for an online mmo game to play with some friends of mine.
I have one problem with the aswmbr it dose not give me the option to hit fix. the only option i get is to savelog and fixmbr
  • 0

#7
MrJc

MrJc

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
also I hope i didnt make a big mistake as i was re running it to see if it changed i hit the fixmbr on accident and thought that it was the basic fix button and ran it without noticing i hope that dosent cause a hug problem. but even after that i still have no problems regarding my computer the only reason i saw that my comp was infected was due to eset.

Edited by MrJc, 11 December 2011 - 09:13 AM.

  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Ah OK I see that the problem is on your second drive, I will use a different tool for that, what OS is installed on drive 2 ?

Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:



Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.
  • 0

#9
MrJc

MrJc

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
-edited and removed wrong post- Just saying i figured it would help make the page smaller

Edited by MrJc, 11 December 2011 - 09:29 AM.

  • 0

#10
MrJc

MrJc

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Also im suprised my os is instealled on my second drive i thought i put them in the right order when i built my computer
  • 0

Advertisements


#11
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you repost the mbrcheck log please as the last bit is missing :)
  • 0

#12
MrJc

MrJc

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
AH im sorry it looks like i cut the program short i did get the y and n part here is the log

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: ASUSTeK Computer INC.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: System manufacturer
System Product Name: System Product Name
Logical Drives Mask: 0x000082fc

Kernel Drivers (total 203):
0x03661000 \SystemRoot\system32\ntoskrnl.exe
0x03618000 \SystemRoot\system32\hal.dll
0x00B9A000 \SystemRoot\system32\kdcom.dll
0x00CBC000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x00CC9000 \SystemRoot\system32\PSHED.dll
0x00CDD000 \SystemRoot\system32\CLFS.SYS
0x00D3B000 \SystemRoot\system32\CI.dll
0x00C00000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00CA4000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00E24000 \SystemRoot\System32\Drivers\spxx.sys
0x00F58000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x00F61000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x00F90000 \SystemRoot\system32\drivers\ACPI.sys
0x00FE7000 \SystemRoot\system32\drivers\msisadrv.sys
0x00FF1000 \SystemRoot\system32\drivers\vdrvroot.sys
0x010F9000 \SystemRoot\system32\drivers\pci.sys
0x0112C000 \SystemRoot\System32\drivers\partmgr.sys
0x01141000 \SystemRoot\system32\drivers\volmgr.sys
0x01156000 \SystemRoot\System32\drivers\volmgrx.sys
0x011B2000 \SystemRoot\system32\drivers\pciide.sys
0x011B9000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x011C9000 \SystemRoot\System32\drivers\mountmgr.sys
0x01000000 \SystemRoot\system32\drivers\vmbus.sys
0x0103C000 \SystemRoot\system32\drivers\winhv.sys
0x01050000 \SystemRoot\system32\drivers\atapi.sys
0x01059000 \SystemRoot\system32\drivers\ataport.SYS
0x01083000 \SystemRoot\system32\drivers\amdxata.sys
0x0108E000 \SystemRoot\system32\drivers\fltmgr.sys
0x010DA000 \SystemRoot\system32\drivers\fileinfo.sys
0x01236000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0144E000 \SystemRoot\System32\Drivers\msrpc.sys
0x014AC000 \SystemRoot\System32\Drivers\ksecdd.sys
0x014C7000 \SystemRoot\System32\Drivers\cng.sys
0x01539000 \SystemRoot\System32\drivers\pcw.sys
0x0154A000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x016CD000 \SystemRoot\system32\drivers\ndis.sys
0x01600000 \SystemRoot\system32\drivers\NETIO.SYS
0x01660000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01893000 \SystemRoot\System32\drivers\tcpip.sys
0x01A97000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01AE1000 \SystemRoot\system32\drivers\vmstorfl.sys
0x01AF1000 \SystemRoot\system32\drivers\volsnap.sys
0x01B3D000 \SystemRoot\System32\Drivers\spldr.sys
0x01B45000 \SystemRoot\System32\drivers\rdyboost.sys
0x01B7F000 \SystemRoot\System32\Drivers\mup.sys
0x01B91000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01B9A000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01BD4000 \SystemRoot\system32\DRIVERS\disk.sys
0x01800000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x01866000 \SystemRoot\system32\drivers\cdrom.sys
0x01BEA000 \SystemRoot\System32\Drivers\Null.SYS
0x01BF3000 \SystemRoot\System32\Drivers\Beep.SYS
0x0168B000 \SystemRoot\system32\DRIVERS\ehdrv.sys
0x016AE000 \SystemRoot\System32\drivers\vga.sys
0x017C0000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x017E5000 \SystemRoot\System32\drivers\watchdog.sys
0x017F5000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x016BC000 \SystemRoot\system32\drivers\rdpencdd.sys
0x01554000 \SystemRoot\system32\drivers\rdprefmp.sys
0x0155D000 \SystemRoot\System32\Drivers\Msfs.SYS
0x01568000 \SystemRoot\System32\Drivers\Npfs.SYS
0x01579000 \SystemRoot\system32\DRIVERS\tdx.sys
0x0159B000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x040FD000 \SystemRoot\system32\drivers\afd.sys
0x04186000 \SystemRoot\System32\DRIVERS\netbt.sys
0x04000000 \SystemRoot\system32\DRIVERS\vsdatant.sys
0x04095000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x0409E000 \SystemRoot\system32\DRIVERS\pacer.sys
0x040C4000 \SystemRoot\system32\DRIVERS\netbios.sys
0x040D3000 \SystemRoot\system32\DRIVERS\serial.sys
0x041CB000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x041E6000 \SystemRoot\system32\drivers\termdd.sys
0x015A8000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x040F0000 \SystemRoot\system32\drivers\nsiproxy.sys
0x01400000 \SystemRoot\system32\drivers\mssmbios.sys
0x0140B000 \SystemRoot\System32\drivers\discache.sys
0x042B8000 \SystemRoot\system32\drivers\csc.sys
0x0433B000 \SystemRoot\System32\Drivers\dfsc.sys
0x04359000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x0436A000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x04390000 \SystemRoot\system32\DRIVERS\amdppm.sys
0x13231000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x13EA5000 \SystemRoot\System32\Drivers\nvBridge.kmd
0x13EA7000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x13F9B000 \SystemRoot\System32\drivers\dxgmms1.sys
0x13200000 \SystemRoot\system32\drivers\HDAudBus.sys
0x043A5000 \SystemRoot\system32\DRIVERS\nusb3xhc.sys
0x13224000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x13226000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x04200000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x13FE1000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x13FF2000 \SystemRoot\system32\DRIVERS\serenum.sys
0x04256000 \SystemRoot\system32\DRIVERS\ASACPI.sys
0x0425E000 \SystemRoot\system32\drivers\1394ohci.sys
0x046CE000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x04721000 \SystemRoot\System32\Drivers\a9di8tqm.SYS
0x04765000 \SystemRoot\system32\drivers\wmiacpi.sys
0x0476E000 \SystemRoot\system32\drivers\CompositeBus.sys
0x0477E000 \SystemRoot\system32\DRIVERS\wacomvhid.sys
0x04781000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x0479A000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x047A3000 \SystemRoot\system32\DRIVERS\vrtaucbl.sys
0x047B2000 \SystemRoot\system32\DRIVERS\portcls.sys
0x04600000 \SystemRoot\system32\DRIVERS\drmk.sys
0x04622000 \SystemRoot\system32\DRIVERS\ks.sys
0x04665000 \SystemRoot\system32\drivers\ksthunk.sys
0x0466B000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x04681000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x046A5000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x0141A000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x046B1000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x043D5000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x0429C000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x047EF000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x013D9000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x013E8000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x047FA000 \SystemRoot\system32\drivers\swenum.sys
0x01200000 \SystemRoot\system32\drivers\umbus.sys
0x01212000 \SystemRoot\system32\DRIVERS\nusb3hub.sys
0x04C21000 \SystemRoot\system32\drivers\usbhub.sys
0x04C7B000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x04C88000 \SystemRoot\system32\DRIVERS\wacommousefilter.sys
0x04C90000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x04CA5000 \SystemRoot\system32\drivers\nvhda64v.sys
0x05C24000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x00010000 \SystemRoot\System32\win32k.sys
0x05E4B000 \SystemRoot\System32\drivers\Dxapi.sys
0x05E57000 \SystemRoot\System32\Drivers\crashdmp.sys
0x05E65000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x05E71000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x05E7A000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x05E8D000 \SystemRoot\system32\DRIVERS\monitor.sys
0x05E9B000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x05EB6000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x004B0000 \SystemRoot\System32\TSDDD.dll
0x05ED3000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x00670000 \SystemRoot\System32\cdd.dll
0x00870000 \SystemRoot\System32\ATMFD.DLL
0x07003000 \SystemRoot\system32\DRIVERS\lvuvc64.sys
0x05EE1000 \SystemRoot\system32\drivers\usbaudio.sys
0x05EFC000 \SystemRoot\system32\DRIVERS\lvrs64.sys
0x05F4E000 \SystemRoot\system32\drivers\luafv.sys
0x04CD2000 \SystemRoot\system32\DRIVERS\eamon.sys
0x05F71000 \SystemRoot\system32\drivers\WudfPf.sys
0x05F92000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x05FA7000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x07E08000 \SystemRoot\system32\drivers\HTTP.sys
0x07ED1000 \SystemRoot\system32\DRIVERS\bowser.sys
0x07EEF000 \SystemRoot\System32\drivers\mpsdrv.sys
0x07F07000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x07F34000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x07F81000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x07FA5000 \SystemRoot\system32\DRIVERS\epfwwfpr.sys
0x07FC5000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0x082B4000 \SystemRoot\system32\drivers\peauth.sys
0x0835A000 \SystemRoot\System32\Drivers\secdrv.SYS
0x08365000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x08396000 \SystemRoot\System32\drivers\tcpipreg.sys
0x08200000 \SystemRoot\System32\DRIVERS\srv2.sys
0x086EE000 \SystemRoot\System32\DRIVERS\srv.sys
0x08786000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x08794000 \SystemRoot\System32\Drivers\exfat.SYS
0x087C9000 \??\C:\Users\jc\AppData\Local\Temp\aswMBR.sys
0x087D7000 \??\C:\Windows\system32\drivers\mbam.sys
0x770C0000 \Windows\System32\ntdll.dll
0x47A80000 \Windows\System32\smss.exe
0xFF3E0000 \Windows\System32\apisetschema.dll
0xFF170000 \Windows\System32\autochk.exe
0xFF1C0000 \Windows\System32\ole32.dll
0xFF120000 \Windows\System32\comdlg32.dll
0xFEFF0000 \Windows\System32\rpcrt4.dll
0x76F60000 \Windows\System32\wininet.dll
0xFEF90000 \Windows\System32\Wldap32.dll
0xFEEB0000 \Windows\System32\advapi32.dll
0x77290000 \Windows\System32\psapi.dll
0x76E10000 \Windows\System32\urlmon.dll
0xFEEA0000 \Windows\System32\nsi.dll
0xFEE50000 \Windows\System32\ws2_32.dll
0xFEDB0000 \Windows\System32\msvcrt.dll
0xFEBD0000 \Windows\System32\setupapi.dll
0x76D10000 \Windows\System32\user32.dll
0x76B00000 \Windows\System32\iertutil.dll
0xFEB00000 \Windows\System32\usp10.dll
0xFDD70000 \Windows\System32\shell32.dll
0xFDD50000 \Windows\System32\sechost.dll
0xFDC40000 \Windows\System32\msctf.dll
0xFDC10000 \Windows\System32\imm32.dll
0xFDBF0000 \Windows\System32\imagehlp.dll
0xFDB50000 \Windows\System32\clbcatq.dll
0xFDB40000 \Windows\System32\lpk.dll
0x769E0000 \Windows\System32\kernel32.dll
0x77280000 \Windows\System32\normaliz.dll
0xFDAD0000 \Windows\System32\gdi32.dll
0xFDA50000 \Windows\System32\difxapi.dll
0xFD970000 \Windows\System32\oleaut32.dll
0xFD8F0000 \Windows\System32\shlwapi.dll
0xFD8D0000 \Windows\System32\devobj.dll
0xFD890000 \Windows\System32\wintrust.dll
0xFD7F0000 \Windows\System32\comctl32.dll
0xFD7B0000 \Windows\System32\cfgmgr32.dll
0xFD740000 \Windows\System32\KernelBase.dll
0xFD5D0000 \Windows\System32\crypt32.dll
0xFD5C0000 \Windows\System32\msasn1.dll

Processes (total 57):
0 System Idle Process
4 System
308 C:\Windows\System32\smss.exe
544 csrss.exe
600 C:\Windows\System32\wininit.exe
632 csrss.exe
656 C:\Windows\System32\services.exe
680 C:\Windows\System32\lsass.exe
688 C:\Windows\System32\lsm.exe
804 C:\Windows\System32\winlogon.exe
812 C:\Windows\System32\svchost.exe
900 C:\Windows\System32\nvvsvc.exe
924 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
968 C:\Windows\System32\svchost.exe
280 C:\Windows\System32\svchost.exe
444 C:\Windows\System32\svchost.exe
740 C:\Windows\System32\svchost.exe
984 C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
1088 C:\Windows\System32\audiodg.exe
1240 C:\Windows\System32\svchost.exe
1340 C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
1352 C:\Windows\System32\nvvsvc.exe
1480 C:\Windows\System32\svchost.exe
1540 C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
1824 C:\Windows\System32\dwm.exe
1848 C:\Windows\explorer.exe
1300 C:\Program Files\Classic Shell\ClassicStartMenu.exe
1324 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
1620 C:\Windows\System32\spoolsv.exe
1668 P:\Program Files\NIK\egui.exe
1676 C:\Windows\System32\taskhost.exe
1880 C:\Windows\System32\svchost.exe
2096 C:\Windows\System32\taskeng.exe
2160 P:\Program Files\NIK\x86\ekrn.exe
2180 C:\Windows\System32\svchost.exe
2224 C:\Windows\DAODx.exe
2240 C:\Windows\SysWOW64\nlssrv32.exe
2296 C:\Windows\SysWOW64\PnkBstrA.exe
2320 C:\Windows\System32\svchost.exe
2644 E:\Program Files\Steam\Steam.exe
3060 C:\Windows\System32\svchost.exe
1736 C:\Windows\System32\taskhost.exe
2848 C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
1988 C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
1868 C:\Windows\System32\SearchIndexer.exe
3096 P:\Programfiles\ZoneAlarm\zlclient.exe
3608 C:\Program Files\Windows Media Player\wmpnetwk.exe
4068 C:\Program Files (x86)\Internet Explorer\iexplore.exe
2352 C:\Program Files (x86)\Internet Explorer\iexplore.exe
3820 C:\Program Files (x86)\Internet Explorer\iexplore.exe
1304 C:\Windows\System32\svchost.exe
4468 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
4532 C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
4640 C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
3648 C:\Users\jc\Desktop\MBRCheck.exe
4856 C:\Windows\System32\conhost.exe
4796 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive2 at offset 0x00000004`e22cec00 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000004`e22d6a00 (NTFS)
\\.\H: --> \\.\PhysicalDrive3 at offset 0x00000000`00100000 (NTFS)
\\.\J: --> \\.\PhysicalDrive4 at offset 0x00000000`00100000 (exFAT)
\\.\P: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive2 Model Number: ST3200822AS, Rev: 3.02
PhysicalDrive1 Model Number: ST3500630AS, Rev: 3.AAK
PhysicalDrive3 Model Number: WDExt HDD 1021, Rev: 2002
PhysicalDrive4 Model Number: WDExt HDD 1021, Rev: 2002
PhysicalDrive0 Model Number: ST31500341AS, Rev: CC1H

Size Device Name MBR Status
--------------------------------------------
186 GB \\.\PhysicalDrive2 Unknown MBR code
SHA1: E833A7327C8056CA7298E327AE7061B946E3F257
465 GB \\.\PhysicalDrive1 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
1397 GB \\.\PhysicalDrive3 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
931 GB \\.\PhysicalDrive4 Unknown MBR code
SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F
1397 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
  • 0

#13
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

PhysicalDrive4 Unknown MBR code

This is also reporting as a possible bad boy, what is on that drive ?

Run MBRCheck.exe once again.

You will be presented with the following dialog:

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:



Enter Y and press Enter.

The following dialog will be presented:

Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:



Enter 2 and press Enter

The following dialog will be presented:

Enter the physical disk number to fix (0-99, -1 to cancel):



Enter >>2<< and press Enter

The following dialog will be presented:

Available MBR codes:
[ 0] Default (Windows XP)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive:



Enter >>1<< and press Enter

The following dialog will be presented:

Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue:



Type YES and press Enter (Must type the full word, YES). You will be inform if successfully wrote a new MBR code!

And last the following dialog will be presented:

Done! Press ENTER to exit...



Press Enter. A report will be produced on the desktop. Post that report in your next reply.
  • 0

#14
MrJc

MrJc

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
That drive is one of my externals with random files and photos on it

here is the mbrcheck

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: ASUSTeK Computer INC.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: System manufacturer
System Product Name: System Product Name
Logical Drives Mask: 0x000082fc

Kernel Drivers (total 203):
0x03661000 \SystemRoot\system32\ntoskrnl.exe
0x03618000 \SystemRoot\system32\hal.dll
0x00B9A000 \SystemRoot\system32\kdcom.dll
0x00CBC000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x00CC9000 \SystemRoot\system32\PSHED.dll
0x00CDD000 \SystemRoot\system32\CLFS.SYS
0x00D3B000 \SystemRoot\system32\CI.dll
0x00C00000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00CA4000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00E24000 \SystemRoot\System32\Drivers\spxx.sys
0x00F58000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x00F61000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x00F90000 \SystemRoot\system32\drivers\ACPI.sys
0x00FE7000 \SystemRoot\system32\drivers\msisadrv.sys
0x00FF1000 \SystemRoot\system32\drivers\vdrvroot.sys
0x010F9000 \SystemRoot\system32\drivers\pci.sys
0x0112C000 \SystemRoot\System32\drivers\partmgr.sys
0x01141000 \SystemRoot\system32\drivers\volmgr.sys
0x01156000 \SystemRoot\System32\drivers\volmgrx.sys
0x011B2000 \SystemRoot\system32\drivers\pciide.sys
0x011B9000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x011C9000 \SystemRoot\System32\drivers\mountmgr.sys
0x01000000 \SystemRoot\system32\drivers\vmbus.sys
0x0103C000 \SystemRoot\system32\drivers\winhv.sys
0x01050000 \SystemRoot\system32\drivers\atapi.sys
0x01059000 \SystemRoot\system32\drivers\ataport.SYS
0x01083000 \SystemRoot\system32\drivers\amdxata.sys
0x0108E000 \SystemRoot\system32\drivers\fltmgr.sys
0x010DA000 \SystemRoot\system32\drivers\fileinfo.sys
0x01236000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0144E000 \SystemRoot\System32\Drivers\msrpc.sys
0x014AC000 \SystemRoot\System32\Drivers\ksecdd.sys
0x014C7000 \SystemRoot\System32\Drivers\cng.sys
0x01539000 \SystemRoot\System32\drivers\pcw.sys
0x0154A000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x016CD000 \SystemRoot\system32\drivers\ndis.sys
0x01600000 \SystemRoot\system32\drivers\NETIO.SYS
0x01660000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01893000 \SystemRoot\System32\drivers\tcpip.sys
0x01A97000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01AE1000 \SystemRoot\system32\drivers\vmstorfl.sys
0x01AF1000 \SystemRoot\system32\drivers\volsnap.sys
0x01B3D000 \SystemRoot\System32\Drivers\spldr.sys
0x01B45000 \SystemRoot\System32\drivers\rdyboost.sys
0x01B7F000 \SystemRoot\System32\Drivers\mup.sys
0x01B91000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01B9A000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01BD4000 \SystemRoot\system32\DRIVERS\disk.sys
0x01800000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x01866000 \SystemRoot\system32\drivers\cdrom.sys
0x01BEA000 \SystemRoot\System32\Drivers\Null.SYS
0x01BF3000 \SystemRoot\System32\Drivers\Beep.SYS
0x0168B000 \SystemRoot\system32\DRIVERS\ehdrv.sys
0x016AE000 \SystemRoot\System32\drivers\vga.sys
0x017C0000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x017E5000 \SystemRoot\System32\drivers\watchdog.sys
0x017F5000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x016BC000 \SystemRoot\system32\drivers\rdpencdd.sys
0x01554000 \SystemRoot\system32\drivers\rdprefmp.sys
0x0155D000 \SystemRoot\System32\Drivers\Msfs.SYS
0x01568000 \SystemRoot\System32\Drivers\Npfs.SYS
0x01579000 \SystemRoot\system32\DRIVERS\tdx.sys
0x0159B000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x040FD000 \SystemRoot\system32\drivers\afd.sys
0x04186000 \SystemRoot\System32\DRIVERS\netbt.sys
0x04000000 \SystemRoot\system32\DRIVERS\vsdatant.sys
0x04095000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x0409E000 \SystemRoot\system32\DRIVERS\pacer.sys
0x040C4000 \SystemRoot\system32\DRIVERS\netbios.sys
0x040D3000 \SystemRoot\system32\DRIVERS\serial.sys
0x041CB000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x041E6000 \SystemRoot\system32\drivers\termdd.sys
0x015A8000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x040F0000 \SystemRoot\system32\drivers\nsiproxy.sys
0x01400000 \SystemRoot\system32\drivers\mssmbios.sys
0x0140B000 \SystemRoot\System32\drivers\discache.sys
0x042B8000 \SystemRoot\system32\drivers\csc.sys
0x0433B000 \SystemRoot\System32\Drivers\dfsc.sys
0x04359000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x0436A000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x04390000 \SystemRoot\system32\DRIVERS\amdppm.sys
0x13231000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x13EA5000 \SystemRoot\System32\Drivers\nvBridge.kmd
0x13EA7000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x13F9B000 \SystemRoot\System32\drivers\dxgmms1.sys
0x13200000 \SystemRoot\system32\drivers\HDAudBus.sys
0x043A5000 \SystemRoot\system32\DRIVERS\nusb3xhc.sys
0x13224000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x13226000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x04200000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x13FE1000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x13FF2000 \SystemRoot\system32\DRIVERS\serenum.sys
0x04256000 \SystemRoot\system32\DRIVERS\ASACPI.sys
0x0425E000 \SystemRoot\system32\drivers\1394ohci.sys
0x046CE000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x04721000 \SystemRoot\System32\Drivers\a9di8tqm.SYS
0x04765000 \SystemRoot\system32\drivers\wmiacpi.sys
0x0476E000 \SystemRoot\system32\drivers\CompositeBus.sys
0x0477E000 \SystemRoot\system32\DRIVERS\wacomvhid.sys
0x04781000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x0479A000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x047A3000 \SystemRoot\system32\DRIVERS\vrtaucbl.sys
0x047B2000 \SystemRoot\system32\DRIVERS\portcls.sys
0x04600000 \SystemRoot\system32\DRIVERS\drmk.sys
0x04622000 \SystemRoot\system32\DRIVERS\ks.sys
0x04665000 \SystemRoot\system32\drivers\ksthunk.sys
0x0466B000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x04681000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x046A5000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x0141A000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x046B1000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x043D5000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x0429C000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x047EF000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x013D9000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x013E8000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x047FA000 \SystemRoot\system32\drivers\swenum.sys
0x01200000 \SystemRoot\system32\drivers\umbus.sys
0x01212000 \SystemRoot\system32\DRIVERS\nusb3hub.sys
0x04C21000 \SystemRoot\system32\drivers\usbhub.sys
0x04C7B000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x04C88000 \SystemRoot\system32\DRIVERS\wacommousefilter.sys
0x04C90000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x04CA5000 \SystemRoot\system32\drivers\nvhda64v.sys
0x05C24000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x00010000 \SystemRoot\System32\win32k.sys
0x05E4B000 \SystemRoot\System32\drivers\Dxapi.sys
0x05E57000 \SystemRoot\System32\Drivers\crashdmp.sys
0x05E65000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x05E71000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x05E7A000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x05E8D000 \SystemRoot\system32\DRIVERS\monitor.sys
0x05E9B000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x05EB6000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x004B0000 \SystemRoot\System32\TSDDD.dll
0x05ED3000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x00670000 \SystemRoot\System32\cdd.dll
0x00870000 \SystemRoot\System32\ATMFD.DLL
0x07003000 \SystemRoot\system32\DRIVERS\lvuvc64.sys
0x05EE1000 \SystemRoot\system32\drivers\usbaudio.sys
0x05EFC000 \SystemRoot\system32\DRIVERS\lvrs64.sys
0x05F4E000 \SystemRoot\system32\drivers\luafv.sys
0x04CD2000 \SystemRoot\system32\DRIVERS\eamon.sys
0x05F71000 \SystemRoot\system32\drivers\WudfPf.sys
0x05F92000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x05FA7000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x07E08000 \SystemRoot\system32\drivers\HTTP.sys
0x07ED1000 \SystemRoot\system32\DRIVERS\bowser.sys
0x07EEF000 \SystemRoot\System32\drivers\mpsdrv.sys
0x07F07000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x07F34000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x07F81000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x07FA5000 \SystemRoot\system32\DRIVERS\epfwwfpr.sys
0x07FC5000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0x082B4000 \SystemRoot\system32\drivers\peauth.sys
0x0835A000 \SystemRoot\System32\Drivers\secdrv.SYS
0x08365000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x08396000 \SystemRoot\System32\drivers\tcpipreg.sys
0x08200000 \SystemRoot\System32\DRIVERS\srv2.sys
0x086EE000 \SystemRoot\System32\DRIVERS\srv.sys
0x08786000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x08794000 \SystemRoot\System32\Drivers\exfat.SYS
0x087C9000 \??\C:\Users\jc\AppData\Local\Temp\aswMBR.sys
0x087D7000 \??\C:\Windows\system32\drivers\mbam.sys
0x770C0000 \Windows\System32\ntdll.dll
0x47A80000 \Windows\System32\smss.exe
0xFF3E0000 \Windows\System32\apisetschema.dll
0xFF170000 \Windows\System32\autochk.exe
0xFF1C0000 \Windows\System32\ole32.dll
0xFF120000 \Windows\System32\comdlg32.dll
0xFEFF0000 \Windows\System32\rpcrt4.dll
0x76F60000 \Windows\System32\wininet.dll
0xFEF90000 \Windows\System32\Wldap32.dll
0xFEEB0000 \Windows\System32\advapi32.dll
0x77290000 \Windows\System32\psapi.dll
0x76E10000 \Windows\System32\urlmon.dll
0xFEEA0000 \Windows\System32\nsi.dll
0xFEE50000 \Windows\System32\ws2_32.dll
0xFEDB0000 \Windows\System32\msvcrt.dll
0xFEBD0000 \Windows\System32\setupapi.dll
0x76D10000 \Windows\System32\user32.dll
0x76B00000 \Windows\System32\iertutil.dll
0xFEB00000 \Windows\System32\usp10.dll
0xFDD70000 \Windows\System32\shell32.dll
0xFDD50000 \Windows\System32\sechost.dll
0xFDC40000 \Windows\System32\msctf.dll
0xFDC10000 \Windows\System32\imm32.dll
0xFDBF0000 \Windows\System32\imagehlp.dll
0xFDB50000 \Windows\System32\clbcatq.dll
0xFDB40000 \Windows\System32\lpk.dll
0x769E0000 \Windows\System32\kernel32.dll
0x77280000 \Windows\System32\normaliz.dll
0xFDAD0000 \Windows\System32\gdi32.dll
0xFDA50000 \Windows\System32\difxapi.dll
0xFD970000 \Windows\System32\oleaut32.dll
0xFD8F0000 \Windows\System32\shlwapi.dll
0xFD8D0000 \Windows\System32\devobj.dll
0xFD890000 \Windows\System32\wintrust.dll
0xFD7F0000 \Windows\System32\comctl32.dll
0xFD7B0000 \Windows\System32\cfgmgr32.dll
0xFD740000 \Windows\System32\KernelBase.dll
0xFD5D0000 \Windows\System32\crypt32.dll
0xFD5C0000 \Windows\System32\msasn1.dll

Processes (total 55):
0 System Idle Process
4 System
308 C:\Windows\System32\smss.exe
544 csrss.exe
600 C:\Windows\System32\wininit.exe
632 csrss.exe
656 C:\Windows\System32\services.exe
680 C:\Windows\System32\lsass.exe
688 C:\Windows\System32\lsm.exe
804 C:\Windows\System32\winlogon.exe
812 C:\Windows\System32\svchost.exe
900 C:\Windows\System32\nvvsvc.exe
924 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
968 C:\Windows\System32\svchost.exe
280 C:\Windows\System32\svchost.exe
444 C:\Windows\System32\svchost.exe
740 C:\Windows\System32\svchost.exe
984 C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
1088 C:\Windows\System32\audiodg.exe
1240 C:\Windows\System32\svchost.exe
1340 C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
1352 C:\Windows\System32\nvvsvc.exe
1480 C:\Windows\System32\svchost.exe
1540 C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
1824 C:\Windows\System32\dwm.exe
1848 C:\Windows\explorer.exe
1300 C:\Program Files\Classic Shell\ClassicStartMenu.exe
1324 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
1620 C:\Windows\System32\spoolsv.exe
1668 P:\Program Files\NIK\egui.exe
1676 C:\Windows\System32\taskhost.exe
1880 C:\Windows\System32\svchost.exe
2096 C:\Windows\System32\taskeng.exe
2160 P:\Program Files\NIK\x86\ekrn.exe
2180 C:\Windows\System32\svchost.exe
2224 C:\Windows\DAODx.exe
2240 C:\Windows\SysWOW64\nlssrv32.exe
2296 C:\Windows\SysWOW64\PnkBstrA.exe
2320 C:\Windows\System32\svchost.exe
2644 E:\Program Files\Steam\Steam.exe
3060 C:\Windows\System32\svchost.exe
1736 C:\Windows\System32\taskhost.exe
2848 C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
1988 C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
1868 C:\Windows\System32\SearchIndexer.exe
3096 P:\Programfiles\ZoneAlarm\zlclient.exe
3608 C:\Program Files\Windows Media Player\wmpnetwk.exe
4068 C:\Program Files (x86)\Internet Explorer\iexplore.exe
3820 C:\Program Files (x86)\Internet Explorer\iexplore.exe
1304 C:\Windows\System32\svchost.exe
4468 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
4532 C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
4640 C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
5036 C:\Users\jc\Desktop\MBRCheck.exe
4936 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive2 at offset 0x00000004`e22cec00 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000004`e22d6a00 (NTFS)
\\.\H: --> \\.\PhysicalDrive3 at offset 0x00000000`00100000 (NTFS)
\\.\J: --> \\.\PhysicalDrive4 at offset 0x00000000`00100000 (exFAT)
\\.\P: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive2 Model Number: ST3200822AS, Rev: 3.02
PhysicalDrive1 Model Number: ST3500630AS, Rev: 3.AAK
PhysicalDrive3 Model Number: WDExt HDD 1021, Rev: 2002
PhysicalDrive4 Model Number: WDExt HDD 1021, Rev: 2002
PhysicalDrive0 Model Number: ST31500341AS, Rev: CC1H

Size Device Name MBR Status
--------------------------------------------
186 GB \\.\PhysicalDrive2 Unknown MBR code
SHA1: E833A7327C8056CA7298E327AE7061B946E3F257
465 GB \\.\PhysicalDrive1 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
1397 GB \\.\PhysicalDrive3 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
931 GB \\.\PhysicalDrive4 Unknown MBR code
SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F
1397 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 2Available MBR codes:
[ 0] Default (Windows 7)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive: 1
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: YES
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.


Done!
  • 0

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you now do a quick scan with eset to see if the malware is still being detected please
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP