Help With Win32/Olmarik.axy.trojan


This topic is locked

#1 thexmanone (Member, 10 posts)

Hello,

ESET Smart Security found a threat:

Object: MBR sector of the 1.physical disk

Threat: Win32/Olmarik.AXY.Trojan

Can anyone give me a hand with this one? I can't seem to get rid of it. I am running Windows 7 64-bit.

Thank you


OTL Log:

OTL logfile created on: 12/11/2011 7:04:40 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = F:\Users\John\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 5.34 Gb Available Physical Memory | 66.87% Memory free
9.94 Gb Paging File | 6.74 Gb Available in Paging File | 67.78% Paging File free
Paging file location(s): c:\pagefile.sys 2000 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.43 Gb Total Space | 49.71 Gb Free Space | 66.78% Space Free | Partition Type: NTFS
Drive D: | 1863.01 Gb Total Space | 144.33 Gb Free Space | 7.75% Space Free | Partition Type: NTFS
Drive E: | 100.00 Mb Total Space | 71.82 Mb Free Space | 71.82% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 707.18 Gb Free Space | 75.92% Space Free | Partition Type: NTFS
Drive X: | 931.51 Gb Total Space | 661.18 Gb Free Space | 70.98% Space Free | Partition Type: NTFS

Computer Name: JOHN-PC | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/11 19:03:56 | 000,584,192 | ---- | M] (OldTimer Tools) -- F:\Users\John\Downloads\OTL.exe
PRC - [2011/11/23 20:15:37 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/11/22 12:36:38 | 000,359,528 | ---- | M] () -- F:\Program Files (x86)\EVGA Precision\EVGAPrecision.exe
PRC - [2011/11/10 00:04:50 | 000,370,504 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
PRC - [2011/10/24 17:02:04 | 000,520,040 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
PRC - [2011/10/15 02:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/10/14 23:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/08/31 16:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- F:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 16:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- F:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/08/16 23:45:20 | 000,737,104 | ---- | M] (ecareme) -- C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe
PRC - [2011/08/08 17:28:02 | 000,977,408 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- X:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
PRC - [2011/08/01 19:07:14 | 001,242,448 | ---- | M] (Valve Corporation) -- F:\Program Files (x86)\Steam\Steam.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/17 09:40:26 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\nlssrv32.exe
PRC - [2011/05/14 22:33:55 | 000,522,824 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x86\LCDMedia.exe
PRC - [2011/04/19 21:56:47 | 000,083,240 | ---- | M] () -- F:\Program Files (x86)\CyberLink\PowerDVD11\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
PRC - [2011/03/31 07:37:11 | 000,312,616 | ---- | M] (CyberLink) -- F:\Program Files (x86)\CyberLink\PowerDVD11\PowerDVD11\Common\MediaServer\CLMSServer.exe
PRC - [2011/03/31 07:37:06 | 000,070,952 | ---- | M] (CyberLink) -- F:\Program Files (x86)\CyberLink\PowerDVD11\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
PRC - [2011/01/12 15:41:42 | 000,810,144 | ---- | M] (ESET) -- F:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2010/11/20 06:17:56 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010/11/09 12:10:24 | 001,792,224 | ---- | M] (FSPro Labs) -- F:\Program Files\My Lockbox\mylbx.exe
PRC - [2010/06/15 02:55:52 | 000,039,936 | ---- | M] (The PHP Group) -- F:\Program Files\Genie-Soft\Genie Timeline\x86\WebServer\PHP\php-cgi.exe
PRC - [2010/06/15 02:53:48 | 001,417,216 | ---- | M] () -- F:\Program Files\Genie-Soft\Genie Timeline\x86\WebServer\nginx\GSTimeLineSearch.exe
PRC - [2010/02/04 04:10:51 | 000,131,752 | ---- | M] (Lexmark International Inc.) -- C:\Program Files (x86)\Lexmark 5600-6600 Series\ezprint.exe
PRC - [2010/02/04 04:10:44 | 000,676,520 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe
PRC - [2007/10/24 12:54:00 | 012,656,769 | ---- | M] (VIP Quality Software, Ltd) -- F:\Program Files (x86)\VIP Quality Software\VIP Organizer\VIP Organizer.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/11 17:53:35 | 014,410,024 | ---- | M] () -- F:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2011/12/11 17:53:33 | 000,194,344 | ---- | M] () -- F:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2011/12/11 17:53:31 | 000,091,432 | ---- | M] () -- F:\Program Files (x86)\Steam\bin\avutil-50.dll
MOD - [2011/12/11 17:53:29 | 000,155,432 | ---- | M] () -- F:\Program Files (x86)\Steam\bin\avformat-52.dll
MOD - [2011/12/11 17:53:27 | 000,914,216 | ---- | M] () -- F:\Program Files (x86)\Steam\bin\avcodec-52.dll
MOD - [2011/11/22 12:36:38 | 000,359,528 | ---- | M] () -- F:\Program Files (x86)\EVGA Precision\EVGAPrecision.exe
MOD - [2011/11/16 17:19:28 | 000,061,440 | ---- | M] () -- F:\Program Files (x86)\EVGA Precision\RTMUI.dll
MOD - [2011/11/16 17:19:26 | 000,299,008 | ---- | M] () -- F:\Program Files (x86)\EVGA Precision\RTHAL.dll
MOD - [2011/11/16 17:19:18 | 000,225,280 | ---- | M] () -- F:\Program Files (x86)\EVGA Precision\RTCore.dll
MOD - [2011/11/16 17:19:14 | 000,147,456 | ---- | M] () -- F:\Program Files (x86)\EVGA Precision\RTUI.dll
MOD - [2011/11/16 17:19:12 | 000,061,440 | ---- | M] () -- F:\Program Files (x86)\EVGA Precision\RTFC.dll
MOD - [2011/10/12 13:39:59 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\1049a76b3de293df726d380932215c91\System.Management.ni.dll
MOD - [2011/10/12 13:29:57 | 011,819,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8e7909ef6b5f953d49244c6b9f5f5100\System.Web.ni.dll
MOD - [2011/10/12 13:29:35 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/10/12 13:29:30 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/10/12 13:29:29 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\31fce331fded94dd06627603f6fe4562\Accessibility.ni.dll
MOD - [2011/10/12 13:29:18 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/10/12 13:29:15 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/12 13:29:15 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/10/12 13:29:11 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/05/01 01:04:54 | 000,013,312 | ---- | M] () -- F:\Program Files (x86)\EVGA Precision\RTTSH.dll
MOD - [2011/04/19 11:39:46 | 000,315,392 | ---- | M] () -- X:\Program Files (x86)\Evernote\Evernote\libtidy.dll
MOD - [2011/04/19 11:39:44 | 000,433,664 | ---- | M] () -- X:\Program Files (x86)\Evernote\Evernote\libxml2.dll
MOD - [2010/09/04 00:47:48 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AxInterop.ShockwaveFlashObjects.dll
MOD - [2010/08/31 04:42:12 | 000,023,040 | ---- | M] () -- F:\Program Files\Genie-Soft\Genie Timeline\x86\WebServer\PHP\ext\php_gstl_interface.dll
MOD - [2010/06/30 12:03:12 | 000,051,512 | ---- | M] () -- F:\Program Files\My Lockbox\FSPFlt.dll
MOD - [2010/06/15 02:53:48 | 001,417,216 | ---- | M] () -- F:\Program Files\Genie-Soft\Genie Timeline\x86\WebServer\nginx\GSTimeLineSearch.exe
MOD - [2010/02/04 04:10:44 | 000,676,520 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe
MOD - [2010/02/04 03:28:36 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxducaps.dll
MOD - [2010/02/04 03:28:27 | 000,380,928 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduscw.dll
MOD - [2010/02/04 03:28:26 | 001,036,288 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdudrs.dll
MOD - [2010/02/04 03:27:21 | 000,380,928 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\iptk.dll
MOD - [2010/02/04 03:17:11 | 000,188,416 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdudatr.dll
MOD - [2010/02/04 03:17:07 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxducnv4.dll
MOD - [2009/10/16 09:53:35 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxducats.dll
MOD - [2007/09/06 04:11:34 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduptp.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/12/06 10:57:48 | 000,551,896 | ---- | M] (Protection Technology) [Auto | Stopped] -- C:\Windows\SysNative\appdrvrem01.exe -- (appdrvrem01)
SRV:64bit: - [2011/09/27 13:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/10/16 10:06:39 | 001,039,360 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxducoms.exe -- (lxdu_device)
SRV - [2011/11/23 20:15:37 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/11/10 00:04:50 | 000,370,504 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe -- (SSUService)
SRV - [2011/10/24 17:02:04 | 000,520,040 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe -- (SplashtopRemoteService)
SRV - [2011/10/15 02:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/10/14 23:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/08/31 16:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- F:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/05 11:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- X:\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2011/08/05 11:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- X:\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2011/08/05 11:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- X:\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/06/06 10:36:00 | 004,005,936 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2011/05/17 09:40:26 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc)
SRV - [2011/04/19 21:56:47 | 000,083,240 | ---- | M] () [Auto | Running] -- F:\Program Files (x86)\CyberLink\PowerDVD11\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe -- (CLHNServiceForPowerDVD)
SRV - [2011/03/31 07:37:11 | 000,312,616 | ---- | M] (CyberLink) [Auto | Running] -- F:\Program Files (x86)\CyberLink\PowerDVD11\PowerDVD11\Common\MediaServer\CLMSServer.exe -- (CyberLink PowerDVD 11.0 Service)
SRV - [2011/03/31 07:37:06 | 000,070,952 | ---- | M] (CyberLink) [Auto | Running] -- F:\Program Files (x86)\CyberLink\PowerDVD11\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe -- (CyberLink PowerDVD 11.0 Monitor Service)
SRV - [2011/03/16 09:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/01/25 10:44:34 | 003,136,328 | ---- | M] (O&O Software GmbH) [Auto | Running] -- F:\Program Files\OO Software\Defrag\oodag.exe -- (OODefragAgent)
SRV - [2011/01/12 15:44:02 | 000,042,360 | ---- | M] (ESET) [On_Demand | Stopped] -- F:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2011/01/12 15:41:42 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- F:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV - [2011/01/11 09:25:22 | 000,468,096 | ---- | M] (Genie-Soft) [Auto | Running] -- F:\Program Files\Genie-Soft\Genie Timeline\GenieTimelineService.exe -- (GenieTimelineService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/10 20:40:38 | 000,049,152 | ---- | M] () [Auto | Running] -- X:\Program Files\D-Link\SharePort Utility\Spnuhelper.exe -- (D-Link SharePort Helper)
SRV - [2009/11/05 11:59:44 | 000,294,880 | ---- | M] () [Auto | Running] -- X:\Program Files\Macrium\Reflect\ReflectService.exe -- (ReflectService)
SRV - [2009/10/16 10:06:30 | 000,589,824 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxducoms.exe -- (lxdu_device)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/12/06 10:57:48 | 003,852,976 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\appdrv01.sys -- (appdrv01) Application Driver (01)
DRV:64bit: - [2011/09/02 00:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011/09/02 00:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/08/31 16:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/07/15 13:31:50 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2011/07/07 17:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/05/25 14:02:11 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011/05/25 14:02:11 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011/05/17 13:49:41 | 000,503,352 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011/05/14 22:33:55 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2011/05/14 22:33:55 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/21 14:04:06 | 000,170,640 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2010/12/21 14:04:06 | 000,141,264 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2010/12/21 12:47:38 | 000,170,640 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2010/12/21 12:47:38 | 000,050,624 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2010/12/21 12:47:38 | 000,034,144 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\epfwndis.sys -- (Epfwndis)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/23 03:11:28 | 000,394,528 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/08/25 23:54:50 | 000,297,032 | ---- | M] (silex technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\sxuptp.sys -- (sxuptp)
DRV:64bit: - [2010/07/22 15:13:26 | 000,054,848 | ---- | M] (FSPro Labs) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\FSPFltd.sys -- (FSProFilter)
DRV:64bit: - [2010/04/12 02:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2009/12/30 10:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/11/11 14:42:48 | 000,038,368 | ---- | M] (Macrium Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psmounter.sys -- (PSMounter)
DRV:64bit: - [2009/08/21 02:52:09 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2011/11/22 12:36:38 | 000,013,416 | ---- | M] () [Kernel | On_Demand | Running] -- F:\Program Files (x86)\EVGA Precision\RTCore64.sys -- (RTCore64)
DRV - [2011/04/19 21:56:48 | 000,075,248 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- F:\Program Files (x86)\CyberLink\PowerDVD11\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys -- (ntk_PowerDVD)
DRV - [2011/04/12 03:16:53 | 000,148,976 | ---- | M] (CyberLink Corp.) [2011/05/17 14:42:54] [Kernel | Auto | Running] -- F:\Program Files (x86)\CyberLink\PowerDVD11\PowerDVD11\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312})
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2006/11/01 23:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\WimFltr.sys -- (WimFltr)
DRV - [2005/01/01 21:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://n4g.com/http:...amerangels.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.warez-bb....c53ee7b890106a7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BD 8D 7D F8 45 13 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.warez-bb....merangels.com/"
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar: X:\Program Files (x86)\BF3 Alpha Trial Web Plugins\Sonar\npesnsonar.dll (ESN AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch: X:\Program Files (x86)\BF3 Alpha Trial Web Plugins\npesnlaunch.dll (ESN AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\John\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\John\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: F:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2011/05/15 10:08:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\plugin\FFExtensions
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: F:\Program Files (x86)\Mozilla Firefox\components [2011/08/24 16:51:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: F:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/14 19:37:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: F:\Program Files (x86)\Mozilla Thunderbird\components [2011/10/02 19:09:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: F:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: F:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011/05/15 10:08:40 | 000,000,000 | ---D | M]

[2011/06/27 13:41:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Extensions
[2011/06/27 13:41:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/07/17 13:46:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\y990vrwc.default\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\John\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\John\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\John\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\John\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: ESN Sonar API (Enabled) = X:\Program Files (x86)\BF3 Alpha Trial Web Plugins\Sonar\npesnsonar.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = X:\Program Files (x86)\BF3 Alpha Trial Web Plugins\npesnlaunch.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: Full Screen Weather = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg\1.1_0\

O1 HOSTS File: ([2011/12/11 11:01:55 | 000,000,860 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4:64bit: - HKLM..\Run: [egui] F:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark 5600-6600 Series\ezprint.exe (Lexmark International Inc.)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [lxdumon.exe] C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe ()
O4:64bit: - HKLM..\Run: [mylbx] F:\Program Files\My Lockbox\mylbx.exe (FSPro Labs)
O4:64bit: - HKLM..\Run: [OODefragTray] F:\Program Files\OO Software\Defrag\oodtray.exe (O&O Software GmbH)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Zune Launcher] X:\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] F:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TaskTray] File not found
O4 - HKCU..\Run: [VIP Organizer] F:\Program Files (x86)\VIP Quality Software\VIP Organizer\VIP Organizer.exe (VIP Quality Software, Ltd)
O4 - Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = X:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - X:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Evernote 4.0 - X:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: @X:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - X:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @X:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - X:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O1364bit: - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...inAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0699EC82-852A-4AC5-8838-58AEC6A10099}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/12/10 18:24:38 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{346d42d3-8971-11e0-a4e2-001fbc08c285}\Shell - "" = AutoRun
O33 - MountPoints2\{346d42d3-8971-11e0-a4e2-001fbc08c285}\Shell\AutoRun\command - "" = J:\launcher.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\CitiesXL2011.exe
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/12/11 16:00:54 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/12/11 15:27:13 | 000,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
[2011/12/11 10:59:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\iS3
[2011/12/11 08:42:37 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/11 08:42:07 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2011/12/10 19:49:10 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011/12/10 19:07:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/12/10 18:59:52 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\NPE
[2011/12/10 18:59:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/12/10 18:24:30 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2011/12/10 18:24:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Enigma Software Group
[2011/12/06 16:58:42 | 000,000,000 | ---D | C] -- F:\Users\John\Documents\SEGA Genesis Classic Collection
[2011/12/06 16:56:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SEGA
[2011/12/06 10:57:48 | 003,852,976 | ---- | C] (Protection Technology) -- C:\Windows\SysNative\drivers\appdrv01.sys
[2011/12/06 10:57:48 | 000,551,896 | ---- | C] (Protection Technology) -- C:\Windows\SysNative\appdrvrem01.exe
[2011/12/02 23:24:34 | 000,000,000 | R--D | C] -- C:\Users\John\Pictures
[2011/12/02 23:24:34 | 000,000,000 | R--D | C] -- C:\Users\John\Music
[2011/12/02 23:24:34 | 000,000,000 | R--D | C] -- C:\Users\John\Favorites
[2011/12/02 23:24:34 | 000,000,000 | R--D | C] -- C:\Users\John\Documents
[2011/11/23 20:18:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
[2011/11/23 20:18:06 | 000,000,000 | ---D | C] -- F:\Users\John\Documents\Assassin's Creed Revelations
[2011/11/23 20:15:35 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\PunkBuster
[2011/11/23 20:15:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2011/11/23 20:14:57 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2011/11/23 20:14:57 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2011/11/23 20:14:57 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2011/11/23 20:14:57 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2011/11/23 20:14:57 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2011/11/23 20:14:57 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll
[2011/11/23 20:14:57 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2011/11/23 20:14:57 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2011/11/23 20:14:56 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll
[2011/11/23 20:14:56 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2011/11/23 20:14:56 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll
[2011/11/23 20:14:56 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2011/11/23 20:14:56 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2011/11/23 20:14:56 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2011/11/23 20:14:56 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll
[2011/11/23 20:14:56 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2011/11/23 20:14:56 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2011/11/23 20:14:56 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2011/11/23 20:14:56 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2011/11/23 20:14:56 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2011/11/23 20:14:56 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2011/11/23 20:14:56 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2011/11/23 20:14:55 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll
[2011/11/23 20:14:55 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2011/11/23 20:14:55 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll
[2011/11/23 20:14:55 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2011/11/23 20:14:55 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2011/11/23 20:14:55 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll
[2011/11/23 20:14:55 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
[2011/11/23 20:14:55 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2011/11/23 20:14:54 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll
[2011/11/23 20:14:54 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2011/11/23 20:14:54 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll
[2011/11/23 20:14:54 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2011/11/23 20:14:54 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2011/11/23 20:14:54 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2011/11/23 20:14:54 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll
[2011/11/23 20:14:54 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2011/11/23 20:14:53 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll
[2011/11/23 20:14:53 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2011/11/23 20:14:53 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll
[2011/11/23 20:14:53 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll
[2011/11/23 20:14:53 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll
[2011/11/23 20:14:53 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2011/11/23 20:14:53 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
[2011/11/23 20:14:53 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2011/11/23 20:14:52 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
[2011/11/23 20:14:52 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2011/11/23 20:14:52 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
[2011/11/23 20:14:52 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2011/11/23 20:14:52 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
[2011/11/23 20:14:52 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2011/11/23 20:14:52 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2011/11/23 20:14:52 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll
[2011/11/23 20:14:52 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll
[2011/11/23 20:14:52 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2011/11/23 20:14:51 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll
[2011/11/23 20:14:51 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2011/11/23 20:14:51 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2011/11/23 20:14:51 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2011/11/23 20:14:51 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2011/11/23 20:14:51 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2011/11/23 20:14:51 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2011/11/23 20:14:51 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll
[2011/11/23 20:14:51 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll
[2011/11/23 20:14:51 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2011/11/23 20:14:51 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2011/11/23 20:14:51 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2011/11/23 20:14:51 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll
[2011/11/23 20:14:51 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2011/11/23 20:14:50 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll
[2011/11/23 20:14:50 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2011/11/23 20:14:50 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2011/11/23 20:14:50 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll
[2011/11/23 20:14:50 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll
[2011/11/23 20:14:50 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2011/11/23 20:14:50 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll
[2011/11/23 20:14:50 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2011/11/23 20:14:49 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll
[2011/11/23 20:14:49 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2011/11/23 20:14:49 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll
[2011/11/23 20:14:49 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2011/11/23 20:14:49 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll
[2011/11/23 20:14:49 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll
[2011/11/23 20:14:49 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2011/11/23 20:14:49 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2011/11/23 20:14:49 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2011/11/23 20:14:49 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll
[2011/11/23 20:14:48 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll
[2011/11/23 20:14:48 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2011/11/23 20:14:48 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll
[2011/11/23 20:14:48 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2011/11/23 20:14:48 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll
[2011/11/23 20:14:48 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2011/11/23 20:14:48 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll
[2011/11/23 20:14:48 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2011/11/23 20:14:47 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll
[2011/11/23 20:14:47 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll
[2011/11/23 20:14:47 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll
[2011/11/23 20:14:47 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll
[2011/11/23 20:14:47 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll
[2011/11/23 20:14:47 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll
[2011/11/23 20:14:47 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll
[2011/11/23 20:14:47 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll
[2011/11/23 20:14:46 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll
[2011/11/23 20:14:46 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2011/11/23 20:14:46 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll
[2011/11/23 20:14:46 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
[2011/11/23 20:14:46 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll
[2011/11/23 20:14:46 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2011/11/23 20:14:46 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll
[2011/11/23 20:14:46 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
[2011/11/23 20:14:45 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll
[2011/11/23 20:14:45 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2011/11/23 20:14:45 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll
[2011/11/23 20:14:45 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2011/11/23 20:14:45 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll
[2011/11/23 20:14:45 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2011/11/23 20:14:45 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll
[2011/11/23 20:14:45 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2011/11/23 20:14:45 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2011/11/23 20:14:45 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll
[2011/11/23 20:14:45 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll
[2011/11/23 20:14:44 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll
[2011/11/23 20:14:44 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2011/11/23 20:14:44 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll
[2011/11/23 20:14:44 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2011/11/23 20:14:44 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll
[2011/11/23 20:14:44 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2011/11/23 20:14:44 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll
[2011/11/23 20:14:44 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2011/11/23 20:14:43 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2011/11/23 20:14:43 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2011/11/23 20:14:43 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll
[2011/11/23 20:14:43 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2011/11/23 20:14:43 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll
[2011/11/23 20:14:43 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll
[2011/11/23 20:14:43 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll
[2011/11/23 20:14:43 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2011/11/23 20:14:43 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2011/11/23 20:14:43 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2011/11/23 20:14:43 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll
[2011/11/23 20:14:43 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2011/11/23 20:14:42 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll
[2011/11/23 20:14:42 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2011/11/23 20:14:42 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll
[2011/11/23 20:14:42 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll
[2011/11/23 20:14:42 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll
[2011/11/23 20:14:42 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2011/11/23 20:14:42 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2011/11/23 20:14:42 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2011/11/23 20:14:42 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll
[2011/11/23 20:14:42 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll
[2011/11/23 20:14:42 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2011/11/23 20:14:42 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2011/11/23 20:14:40 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll
[2011/11/23 20:14:40 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2011/11/23 20:14:39 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll
[2011/11/23 20:14:39 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll
[2011/11/23 20:14:39 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2011/11/23 20:14:39 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2011/11/23 20:14:39 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll
[2011/11/23 20:14:39 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2011/11/23 20:14:39 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll
[2011/11/23 20:14:39 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2011/11/23 20:14:38 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll
[2011/11/23 20:14:38 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll
[2011/11/23 20:14:38 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll
[2011/11/23 20:14:38 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2011/11/23 20:14:38 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2011/11/23 20:14:38 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2011/11/23 20:14:37 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll
[2011/11/23 20:14:37 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2011/11/21 20:03:56 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/11/18 14:59:39 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2011/07/15 13:31:50 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\John\AppData\Roaming\pcouffin.sys
[2011/05/30 10:37:12 | 001,069,056 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduserv.dll
[2011/05/30 10:37:12 | 000,860,160 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduusb1.dll
[2011/05/30 10:37:12 | 000,761,856 | ---- | C] ( ) -- C:\Windows\SysWow64\lxducomc.dll
[2011/05/30 10:37:12 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduhbn3.dll
[2011/05/30 10:37:12 | 000,651,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdupmui.dll
[2011/05/30 10:37:12 | 000,589,824 | ---- | C] ( ) -- C:\Windows\SysWow64\lxducoms.exe
[2011/05/30 10:37:12 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdulmpm.dll
[2011/05/30 10:37:12 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxducomm.dll
[2011/05/30 10:37:12 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduinpa.dll
[2011/05/30 10:37:12 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxducfg.exe
[2011/05/30 10:37:12 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduiesc.dll
[2011/05/30 10:37:12 | 000,323,584 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduih.exe
[2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/11 18:51:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1074675625-3414863663-3306549137-1000UA.job
[2011/12/11 18:36:04 | 000,000,386 | -H-- | M] () -- C:\Windows\tasks\My Backup X xml.job
[2011/12/11 16:26:45 | 000,015,504 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/11 16:26:45 | 000,015,504 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/11 16:26:22 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/11 16:26:22 | 000,624,018 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/11 16:26:22 | 000,106,394 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/11 16:20:33 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2011/12/11 16:19:42 | 000,000,021 | ---- | M] () -- C:\Windows\VIP Organizer.INI
[2011/12/11 16:19:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/11 16:19:30 | 000,646,932 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor
[2011/12/11 16:18:52 | 000,000,384 | -H-- | M] () -- C:\Windows\tasks\My Daily F xml.job
[2011/12/11 16:00:00 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\Paragon Archive name arc_200611234527252.job
[2011/12/11 15:35:37 | 000,003,360 | ---- | M] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2011/12/11 15:05:13 | 000,000,384 | -H-- | M] () -- C:\Windows\tasks\My Daily C xml.job
[2011/12/11 15:00:00 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\GBM - My Files-Full.job
[2011/12/11 11:00:00 | 000,001,006 | ---- | M] () -- C:\Windows\tasks\Paragon Archive name arc_230611193001734.job
[2011/12/10 19:51:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1074675625-3414863663-3306549137-1000Core.job
[2011/12/10 19:09:41 | 000,025,160 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/12/10 19:00:41 | 000,000,792 | ---- | M] () -- C:\Users\John\AppData\Roaming\SMRBackup210.dat
[2011/12/10 18:24:38 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2011/12/10 18:02:39 | 000,000,386 | -H-- | M] () -- C:\Windows\tasks\My Backup F xml.job
[2011/12/10 11:00:00 | 000,001,024 | ---- | M] () -- C:\Windows\tasks\Paragon Archive name arc_230611155434928.job
[2011/12/09 16:05:18 | 000,000,386 | -H-- | M] () -- C:\Windows\tasks\My Backup C xml.job
[2011/12/08 18:27:31 | 000,000,384 | -H-- | M] () -- C:\Windows\tasks\My Daily X xml.job
[2011/12/06 10:57:48 | 003,852,976 | ---- | M] (Protection Technology) -- C:\Windows\SysNative\drivers\appdrv01.sys
[2011/12/06 10:57:48 | 000,551,896 | ---- | M] (Protection Technology) -- C:\Windows\SysNative\appdrvrem01.exe
[2011/12/03 18:24:43 | 000,014,974 | -HS- | M] () -- C:\Users\John\AppData\Local\384343h2e173a601r865n8vpk6t7
[2011/12/03 18:24:43 | 000,014,974 | -HS- | M] () -- C:\ProgramData\384343h2e173a601r865n8vpk6t7
[2011/12/02 19:53:23 | 000,001,057 | ---- | M] () -- C:\Users\John\AppData\Roaming\vso_ts_preview.xml
[2011/11/26 15:03:55 | 000,001,126 | -HS- | M] () -- C:\Users\John\AppData\Local\677615x3m187p847b228g4opb0j6
[2011/11/26 15:03:55 | 000,001,126 | -HS- | M] () -- C:\ProgramData\677615x3m187p847b228g4opb0j6
[2011/11/23 20:15:37 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/11/23 20:15:37 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/11/18 15:00:06 | 000,018,960 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/11 11:01:58 | 000,003,360 | ---- | C] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2011/12/10 19:09:26 | 000,025,160 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/12/10 19:00:41 | 000,000,792 | ---- | C] () -- C:\Users\John\AppData\Roaming\SMRBackup210.dat
[2011/12/10 18:24:38 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2011/12/03 18:16:00 | 000,014,974 | -HS- | C] () -- C:\Users\John\AppData\Local\384343h2e173a601r865n8vpk6t7
[2011/12/03 18:16:00 | 000,014,974 | -HS- | C] () -- C:\ProgramData\384343h2e173a601r865n8vpk6t7
[2011/11/26 15:03:55 | 000,001,126 | -HS- | C] () -- C:\Users\John\AppData\Local\677615x3m187p847b228g4opb0j6
[2011/11/26 15:03:55 | 000,001,126 | -HS- | C] () -- C:\ProgramData\677615x3m187p847b228g4opb0j6
[2011/10/14 23:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/08/14 11:36:29 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2011/07/29 21:07:16 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2011/07/21 16:06:36 | 000,034,308 | ---- | C] () -- C:\Windows\SysWow64\bassmod.dll
[2011/07/15 13:31:50 | 000,099,384 | ---- | C] () -- C:\Users\John\AppData\Roaming\inst.exe
[2011/07/15 13:31:50 | 000,007,859 | ---- | C] () -- C:\Users\John\AppData\Roaming\pcouffin.cat
[2011/07/15 13:31:50 | 000,001,167 | ---- | C] () -- C:\Users\John\AppData\Roaming\pcouffin.inf
[2011/06/17 16:54:48 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dvdtest10024.dat
[2011/06/15 13:38:30 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/05/30 19:10:28 | 000,002,028 | ---- | C] () -- C:\Windows\Earthquake3D.ini
[2011/05/30 10:37:12 | 000,389,120 | ---- | C] () -- C:\Windows\SysWow64\LXDUinst.dll
[2011/05/30 10:37:12 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\lxducomx.dll
[2011/05/30 10:33:29 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\lxducaps.dll
[2011/05/30 10:33:28 | 001,036,288 | ---- | C] () -- C:\Windows\SysWow64\lxdudrs.dll
[2011/05/30 10:33:28 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\lxducnv4.dll
[2011/05/29 20:02:26 | 000,007,605 | ---- | C] () -- C:\Users\John\AppData\Local\Resmon.ResmonCfg
[2011/05/27 21:50:03 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/05/15 19:11:18 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/05/15 19:11:15 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/05/15 19:11:14 | 002,250,024 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/05/15 08:54:10 | 000,000,021 | ---- | C] () -- C:\Windows\VIP Organizer.INI
[2011/05/15 07:18:07 | 000,001,057 | ---- | C] () -- C:\Users\John\AppData\Roaming\vso_ts_preview.xml
[2011/05/15 07:05:12 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/02/26 00:50:32 | 000,000,176 | ---- | C] () -- C:\Windows\explorer.exe.config
[2003/10/06 02:21:31 | 000,000,000 | -H-- | C] () -- C:\ProgramData\sdpsenv.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 80 bytes -> C:\ProgramData\sdpsenv.dat:naughtypirates
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:618D0840

< End of report >

Edited by thexmanone, 11 December 2011 - 07:09 PM.


#2 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Hi there and sorry for the delay - are you experiencing any symptoms?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/12/03 18:16:00 | 000,014,974 | -HS- | C] () -- C:\Users\John\AppData\Local\384343h2e173a601r865n8vpk6t7
    [2011/12/03 18:16:00 | 000,014,974 | -HS- | C] () -- C:\ProgramData\384343h2e173a601r865n8vpk6t7
    [2011/11/26 15:03:55 | 000,001,126 | -HS- | C] () -- C:\Users\John\AppData\Local\677615x3m187p847b228g4opb0j6
    [2011/11/26 15:03:55 | 000,001,126 | -HS- | C] () -- C:\ProgramData\677615x3m187p847b228g4opb0j6

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe (1.8 MB) to your desktop.
Double click aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan click Save log, save it to your desktop and post it in your next reply.

FINALLY

Do the following:
  • Click on the Start button and then choose Control Panel.
  • Click on the System and Security link.

    Note: If you're viewing the Large icons or Small icons view of Control Panel, you won't see this link so just click on the Administrative Tools icon and skip to Step 4.
  • In the System and Security window, click on the Administrative Tools heading located near the bottom of the window.
  • In the Administrative Tools window, double-click on the Computer Management icon.
  • When Computer Management opens, click on Disk Management on the left side of the window, located under Storage.

    After a brief loading period, Disk Management should now appear on the right side of the Computer Management window.

    Note: If you don't see Disk Management listed, you may need to click on the |> icon to the left of the Storage icon.
Take a screenshot of the Disk Management window and attach the screenshot to your reply.

#3 thexmanone (Topic Starter, Member, 10 posts)
Thank you so much for your reply.

My system is locking up just about every other time I reboot, and sometimes while I'm surfing the web.
I could not post the results of the OTL quick scan after your fix, because my system would lock up every time I tried to run the quick scan.

ASWMBR:


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-14 16:48:07
-----------------------------
16:48:07.214 OS Version: Windows x64 6.1.7601 Service Pack 1
16:48:07.214 Number of processors: 4 586 0x2505
16:48:07.215 ComputerName: JOHN-PC UserName: John
16:48:07.384 Initialize success
16:48:21.778 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
16:48:21.779 Disk 0 Vendor: SAMSUNG_HD203WI 1AN10003 Size: 1907729MB BusType: 3
16:48:21.780 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP7T0L0-9
16:48:21.781 Disk 1 Vendor: INTEL_SSDSA2M080G2GC 2CV102HD Size: 76319MB BusType: 11
16:48:21.783 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP3T0L0-5
16:48:21.784 Disk 2 Vendor: WDC_WD10EADS-11M2B1 80.00A80 Size: 953869MB BusType: 11
16:48:21.786 Disk 3 \Device\Harddisk3\DR3 -> \Device\Ide\IdeDeviceP6T0L0-8
16:48:21.788 Disk 3 Vendor: Hitachi_HDS721010CLA332 JP4OA3EA Size: 953869MB BusType: 11
16:48:23.790 Disk 1 MBR read successfully
16:48:23.791 Disk 1 MBR scan
16:48:23.793 Disk 1 TDL4@MBR code has been found
16:48:23.795 Disk 1 MBR [TDL4] **ROOTKIT**
16:48:23.798 Service scanning
16:48:25.579 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
16:48:26.816 Modules scanning
16:48:26.819 Disk 1 trace - called modules:
16:48:26.822 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80078e82c0]<<
16:48:26.825 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa80081ac060]
16:48:26.833 3 CLASSPNP.SYS[fffff88001b8e43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP7T0L0-9[0xfffffa8007fb1680]
16:48:26.835 \Driver\atapi[0xfffffa8007eefbf0] -> IRP_MJ_CREATE -> 0xfffffa80078e82c0
16:48:26.850 Scan finished successfully
16:48:58.353 Disk 1 MBR has been saved successfully to "F:\Users\John\Desktop\MBR.dat"
16:48:58.356 The log file has been saved successfully to "F:\Users\John\Desktop\aswMBR.txt"

CPU Managent.jpg

#4 thexmanone (Topic Starter, Member, 10 posts)
I tried to run the OTL quick scan again and it made it through without any lockups, so here are the results.

OTL:
OTL logfile created on: 12/14/2011 8:04:11 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = F:\Users\John\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 6.28 Gb Available Physical Memory | 78.64% Memory free
9.94 Gb Paging File | 8.07 Gb Available in Paging File | 81.15% Paging File free
Paging file location(s): c:\pagefile.sys 2000 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.43 Gb Total Space | 47.25 Gb Free Space | 63.48% Space Free | Partition Type: NTFS
Drive D: | 1863.01 Gb Total Space | 397.26 Gb Free Space | 21.32% Space Free | Partition Type: NTFS
Drive E: | 100.00 Mb Total Space | 71.80 Mb Free Space | 71.81% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 708.07 Gb Free Space | 76.01% Space Free | Partition Type: NTFS
Drive X: | 931.51 Gb Total Space | 661.18 Gb Free Space | 70.98% Space Free | Partition Type: NTFS

Computer Name: JOHN-PC | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/11 19:03:56 | 000,584,192 | ---- | M] (OldTimer Tools) -- F:\Users\John\Desktop\OTL.exe
PRC - [2011/12/07 15:32:32 | 000,359,528 | ---- | M] () -- F:\Program Files (x86)\EVGA Precision\EVGAPrecision.exe
PRC - [2011/11/23 20:15:37 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/11/10 00:04:50 | 000,370,504 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
PRC - [2011/10/24 17:02:04 | 000,520,040 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
PRC - [2011/10/14 23:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/08/31 16:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- F:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/16 23:45:20 | 000,737,104 | ---- | M] (ecareme) -- C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe
PRC - [2011/08/08 17:28:02 | 000,977,408 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- X:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/17 09:40:26 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\nlssrv32.exe
PRC - [2011/05/14 22:33:55 | 000,522,824 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x86\LCDMedia.exe
PRC - [2011/04/19 21:56:47 | 000,083,240 | ---- | M] () -- F:\Program Files (x86)\CyberLink\PowerDVD11\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
PRC - [2011/03/31 07:37:11 | 000,312,616 | ---- | M] (CyberLink) -- F:\Program Files (x86)\CyberLink\PowerDVD11\PowerDVD11\Common\MediaServer\CLMSServer.exe
PRC - [2011/03/31 07:37:06 | 000,070,952 | ---- | M] (CyberLink) -- F:\Program Files (x86)\CyberLink\PowerDVD11\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
PRC - [2011/01/12 15:41:42 | 000,810,144 | ---- | M] (ESET) -- F:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2010/11/20 06:17:56 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010/11/09 12:10:24 | 001,792,224 | ---- | M] (FSPro Labs) -- F:\Program Files\My Lockbox\mylbx.exe
PRC - [2010/06/15 02:55:52 | 000,039,936 | ---- | M] (The PHP Group) -- F:\Program Files\Genie-Soft\Genie Timeline\x86\WebServer\PHP\php-cgi.exe
PRC - [2010/06/15 02:53:48 | 001,417,216 | ---- | M] () -- F:\Program Files\Genie-Soft\Genie Timeline\x86\WebServer\nginx\GSTimeLineSearch.exe
PRC - [2010/02/04 04:10:51 | 000,131,752 | ---- | M] (Lexmark International Inc.) -- C:\Program Files (x86)\Lexmark 5600-6600 Series\ezprint.exe
PRC - [2010/02/04 04:10:44 | 000,676,520 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe
PRC - [2007/10/24 12:54:00 | 012,656,769 | ---- | M] (VIP Quality Software, Ltd) -- F:\Program Files (x86)\VIP Quality Software\VIP Organizer\VIP Organizer.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/07 15:32:32 | 000,359,528 | ---- | M] () -- F:\Program Files (x86)\EVGA Precision\EVGAPrecision.exe
MOD - [2011/11/16 17:19:28 | 000,061,440 | ---- | M] () -- F:\Program Files (x86)\EVGA Precision\RTMUI.dll
MOD - [2011/11/16 17:19:26 | 000,299,008 | ---- | M] () -- F:\Program Files (x86)\EVGA Precision\RTHAL.dll
MOD - [2011/11/16 17:19:18 | 000,225,280 | ---- | M] () -- F:\Program Files (x86)\EVGA Precision\RTCore.dll
MOD - [2011/11/16 17:19:14 | 000,147,456 | ---- | M] () -- F:\Program Files (x86)\EVGA Precision\RTUI.dll
MOD - [2011/11/16 17:19:12 | 000,061,440 | ---- | M] () -- F:\Program Files (x86)\EVGA Precision\RTFC.dll
MOD - [2011/10/12 13:39:59 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\1049a76b3de293df726d380932215c91\System.Management.ni.dll
MOD - [2011/10/12 13:29:57 | 011,819,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8e7909ef6b5f953d49244c6b9f5f5100\System.Web.ni.dll
MOD - [2011/10/12 13:29:35 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/10/12 13:29:30 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/10/12 13:29:29 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\31fce331fded94dd06627603f6fe4562\Accessibility.ni.dll
MOD - [2011/10/12 13:29:18 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/10/12 13:29:15 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/12 13:29:15 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/10/12 13:29:11 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/05/01 01:04:54 | 000,013,312 | ---- | M] () -- F:\Program Files (x86)\EVGA Precision\RTTSH.dll
MOD - [2011/04/19 11:39:46 | 000,315,392 | ---- | M] () -- X:\Program Files (x86)\Evernote\Evernote\libtidy.dll
MOD - [2011/04/19 11:39:44 | 000,433,664 | ---- | M] () -- X:\Program Files (x86)\Evernote\Evernote\libxml2.dll
MOD - [2010/09/04 00:47:48 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AxInterop.ShockwaveFlashObjects.dll
MOD - [2010/08/31 04:42:12 | 000,023,040 | ---- | M] () -- F:\Program Files\Genie-Soft\Genie Timeline\x86\WebServer\PHP\ext\php_gstl_interface.dll
MOD - [2010/06/30 12:03:12 | 000,051,512 | ---- | M] () -- F:\Program Files\My Lockbox\FSPFlt.dll
MOD - [2010/06/15 02:53:48 | 001,417,216 | ---- | M] () -- F:\Program Files\Genie-Soft\Genie Timeline\x86\WebServer\nginx\GSTimeLineSearch.exe
MOD - [2010/02/04 04:10:44 | 000,676,520 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe
MOD - [2010/02/04 03:28:36 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxducaps.dll
MOD - [2010/02/04 03:28:27 | 000,380,928 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduscw.dll
MOD - [2010/02/04 03:28:26 | 001,036,288 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdudrs.dll
MOD - [2010/02/04 03:27:21 | 000,380,928 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\iptk.dll
MOD - [2010/02/04 03:17:11 | 000,188,416 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdudatr.dll
MOD - [2010/02/04 03:17:07 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxducnv4.dll
MOD - [2009/10/16 09:53:35 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxducats.dll
MOD - [2007/09/06 04:11:34 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduptp.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/12/06 10:57:48 | 000,551,896 | ---- | M] (Protection Technology) [Auto | Stopped] -- C:\Windows\SysNative\appdrvrem01.exe -- (appdrvrem01)
SRV:64bit: - [2011/09/27 13:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/10/16 10:06:39 | 001,039,360 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxducoms.exe -- (lxdu_device)
SRV - [2011/11/23 20:15:37 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/11/10 00:04:50 | 000,370,504 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe -- (SSUService)
SRV - [2011/10/24 17:02:04 | 000,520,040 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe -- (SplashtopRemoteService)
SRV - [2011/10/15 02:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/10/14 23:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/08/31 16:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- F:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/05 11:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- X:\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2011/08/05 11:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- X:\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2011/08/05 11:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- X:\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/06/06 10:36:00 | 004,005,936 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2011/05/17 09:40:26 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc)
SRV - [2011/04/19 21:56:47 | 000,083,240 | ---- | M] () [Auto | Running] -- F:\Program Files (x86)\CyberLink\PowerDVD11\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe -- (CLHNServiceForPowerDVD)
SRV - [2011/03/31 07:37:11 | 000,312,616 | ---- | M] (CyberLink) [Auto | Running] -- F:\Program Files (x86)\CyberLink\PowerDVD11\PowerDVD11\Common\MediaServer\CLMSServer.exe -- (CyberLink PowerDVD 11.0 Service)
SRV - [2011/03/31 07:37:06 | 000,070,952 | ---- | M] (CyberLink) [Auto | Running] -- F:\Program Files (x86)\CyberLink\PowerDVD11\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe -- (CyberLink PowerDVD 11.0 Monitor Service)
SRV - [2011/03/16 09:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/01/25 10:44:34 | 003,136,328 | ---- | M] (O&O Software GmbH) [Auto | Running] -- F:\Program Files\OO Software\Defrag\oodag.exe -- (OODefragAgent)
SRV - [2011/01/12 15:44:02 | 000,042,360 | ---- | M] (ESET) [On_Demand | Stopped] -- F:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2011/01/12 15:41:42 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- F:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV - [2011/01/11 09:25:22 | 000,468,096 | ---- | M] (Genie-Soft) [Auto | Running] -- F:\Program Files\Genie-Soft\Genie Timeline\GenieTimelineService.exe -- (GenieTimelineService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/10 20:40:38 | 000,049,152 | ---- | M] () [Auto | Running] -- X:\Program Files\D-Link\SharePort Utility\Spnuhelper.exe -- (D-Link SharePort Helper)
SRV - [2009/11/05 11:59:44 | 000,294,880 | ---- | M] () [Auto | Running] -- X:\Program Files\Macrium\Reflect\ReflectService.exe -- (ReflectService)
SRV - [2009/10/16 10:06:30 | 000,589,824 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxducoms.exe -- (lxdu_device)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/12/06 10:57:48 | 003,852,976 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\appdrv01.sys -- (appdrv01) Application Driver (01)
DRV:64bit: - [2011/09/02 00:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011/09/02 00:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/08/31 16:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/07/15 13:31:50 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2011/07/07 17:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/05/25 14:02:11 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011/05/25 14:02:11 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011/05/17 13:49:41 | 000,503,352 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011/05/14 22:33:55 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2011/05/14 22:33:55 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/21 14:04:06 | 000,170,640 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2010/12/21 14:04:06 | 000,141,264 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2010/12/21 12:47:38 | 000,170,640 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2010/12/21 12:47:38 | 000,050,624 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2010/12/21 12:47:38 | 000,034,144 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\epfwndis.sys -- (Epfwndis)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/23 03:11:28 | 000,394,528 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/08/25 23:54:50 | 000,297,032 | ---- | M] (silex technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\sxuptp.sys -- (sxuptp)
DRV:64bit: - [2010/07/22 15:13:26 | 000,054,848 | ---- | M] (FSPro Labs) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\FSPFltd.sys -- (FSProFilter)
DRV:64bit: - [2010/04/12 02:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2009/12/30 10:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/11/11 14:42:48 | 000,038,368 | ---- | M] (Macrium Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psmounter.sys -- (PSMounter)
DRV:64bit: - [2009/08/21 02:52:09 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2011/12/07 15:32:30 | 000,013,416 | ---- | M] () [Kernel | On_Demand | Running] -- F:\Program Files (x86)\EVGA Precision\RTCore64.sys -- (RTCore64)
DRV - [2011/04/19 21:56:48 | 000,075,248 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- F:\Program Files (x86)\CyberLink\PowerDVD11\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys -- (ntk_PowerDVD)
DRV - [2011/04/12 03:16:53 | 000,148,976 | ---- | M] (CyberLink Corp.) [2011/05/17 14:42:54] [Kernel | Auto | Running] -- F:\Program Files (x86)\CyberLink\PowerDVD11\PowerDVD11\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312})
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2006/11/01 23:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\WimFltr.sys -- (WimFltr)
DRV - [2005/01/01 21:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://n4g.com/http:...amerangels.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.warez-bb....c53ee7b890106a7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BD 8D 7D F8 45 13 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.warez-bb....merangels.com/"
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar: X:\Program Files (x86)\BF3 Alpha Trial Web Plugins\Sonar\npesnsonar.dll (ESN AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch: X:\Program Files (x86)\BF3 Alpha Trial Web Plugins\npesnlaunch.dll (ESN AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\John\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\John\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: F:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2011/05/15 10:08:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\plugin\FFExtensions
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: F:\Program Files (x86)\Mozilla Firefox\components [2011/08/24 16:51:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: F:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/14 19:37:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: F:\Program Files (x86)\Mozilla Thunderbird\components [2011/10/02 19:09:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: F:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: F:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011/05/15 10:08:40 | 000,000,000 | ---D | M]

[2011/06/27 13:41:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Extensions
[2011/06/27 13:41:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/07/17 13:46:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\y990vrwc.default\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\John\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\John\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\John\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\John\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: ESN Sonar API (Enabled) = X:\Program Files (x86)\BF3 Alpha Trial Web Plugins\Sonar\npesnsonar.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = X:\Program Files (x86)\BF3 Alpha Trial Web Plugins\npesnlaunch.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: Full Screen Weather = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg\1.1_0\

O1 HOSTS File: ([2011/12/14 20:00:58 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4:64bit: - HKLM..\Run: [egui] F:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark 5600-6600 Series\ezprint.exe (Lexmark International Inc.)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [lxdumon.exe] C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe ()
O4:64bit: - HKLM..\Run: [mylbx] F:\Program Files\My Lockbox\mylbx.exe (FSPro Labs)
O4:64bit: - HKLM..\Run: [OODefragTray] F:\Program Files\OO Software\Defrag\oodtray.exe (O&O Software GmbH)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Zune Launcher] X:\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] F:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TaskTray] File not found
O4 - HKCU..\Run: [VIP Organizer] F:\Program Files (x86)\VIP Quality Software\VIP Organizer\VIP Organizer.exe (VIP Quality Software, Ltd)
O4 - Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = X:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - X:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Evernote 4.0 - X:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: @X:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - X:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @X:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - X:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O1364bit: - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...inAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0699EC82-852A-4AC5-8838-58AEC6A10099}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/12/10 18:24:38 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{346d42d3-8971-11e0-a4e2-001fbc08c285}\Shell - "" = AutoRun
O33 - MountPoints2\{346d42d3-8971-11e0-a4e2-001fbc08c285}\Shell\AutoRun\command - "" = J:\launcher.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\CitiesXL2011.exe
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/12/14 16:36:41 | 001,916,416 | ---- | C] (AVAST Software) -- F:\Users\John\Desktop\aswMBR.exe
[2011/12/11 19:03:52 | 000,584,192 | ---- | C] (OldTimer Tools) -- F:\Users\John\Desktop\OTL.exe
[2011/12/11 15:27:13 | 000,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
[2011/12/11 10:59:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\iS3
[2011/12/11 08:42:37 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/11 08:42:07 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2011/12/10 19:49:10 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011/12/10 19:07:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/12/10 18:59:52 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\NPE
[2011/12/10 18:59:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/12/10 18:24:30 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2011/12/10 18:24:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Enigma Software Group
[2011/12/06 16:58:42 | 000,000,000 | ---D | C] -- F:\Users\John\Documents\SEGA Genesis Classic Collection
[2011/12/06 16:56:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SEGA
[2011/12/06 10:57:48 | 003,852,976 | ---- | C] (Protection Technology) -- C:\Windows\SysNative\drivers\appdrv01.sys
[2011/12/06 10:57:48 | 000,551,896 | ---- | C] (Protection Technology) -- C:\Windows\SysNative\appdrvrem01.exe
[2011/12/02 23:24:34 | 000,000,000 | R--D | C] -- C:\Users\John\Pictures
[2011/12/02 23:24:34 | 000,000,000 | R--D | C] -- C:\Users\John\Music
[2011/12/02 23:24:34 | 000,000,000 | R--D | C] -- C:\Users\John\Favorites
[2011/12/02 23:24:34 | 000,000,000 | R--D | C] -- C:\Users\John\Documents
[2011/11/23 20:18:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
[2011/11/23 20:18:06 | 000,000,000 | ---D | C] -- F:\Users\John\Documents\Assassin's Creed Revelations
[2011/11/23 20:15:35 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\PunkBuster
[2011/11/23 20:15:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2011/11/21 20:03:56 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/11/18 14:59:39 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2011/07/15 13:31:50 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\John\AppData\Roaming\pcouffin.sys
[2011/05/30 10:37:12 | 001,069,056 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduserv.dll
[2011/05/30 10:37:12 | 000,860,160 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduusb1.dll
[2011/05/30 10:37:12 | 000,761,856 | ---- | C] ( ) -- C:\Windows\SysWow64\lxducomc.dll
[2011/05/30 10:37:12 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduhbn3.dll
[2011/05/30 10:37:12 | 000,651,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdupmui.dll
[2011/05/30 10:37:12 | 000,589,824 | ---- | C] ( ) -- C:\Windows\SysWow64\lxducoms.exe
[2011/05/30 10:37:12 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdulmpm.dll
[2011/05/30 10:37:12 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxducomm.dll
[2011/05/30 10:37:12 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduinpa.dll
[2011/05/30 10:37:12 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxducfg.exe
[2011/05/30 10:37:12 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduiesc.dll
[2011/05/30 10:37:12 | 000,323,584 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduih.exe
[2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/14 20:03:22 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2011/12/14 20:02:34 | 000,000,021 | ---- | M] () -- C:\Windows\VIP Organizer.INI
[2011/12/14 20:02:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/14 20:02:18 | 000,676,280 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor
[2011/12/14 20:00:58 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/12/14 19:51:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1074675625-3414863663-3306549137-1000UA.job
[2011/12/14 19:51:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1074675625-3414863663-3306549137-1000Core.job
[2011/12/14 18:07:36 | 000,015,504 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/14 18:07:36 | 000,015,504 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/14 18:07:17 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/14 18:07:17 | 000,624,018 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/14 18:07:17 | 000,106,394 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/14 16:48:58 | 000,000,512 | ---- | M] () -- F:\Users\John\Desktop\MBR.dat
[2011/12/14 16:47:24 | 000,226,894 | ---- | M] () -- F:\Users\John\Desktop\CPU Managent.jpg
[2011/12/14 16:23:44 | 000,000,384 | -H-- | M] () -- C:\Windows\tasks\My Daily F xml.job
[2011/12/14 15:06:48 | 000,000,384 | -H-- | M] () -- C:\Windows\tasks\My Daily C xml.job
[2011/12/13 18:27:13 | 000,000,384 | -H-- | M] () -- C:\Windows\tasks\My Daily X xml.job
[2011/12/13 16:00:00 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\Paragon Archive name arc_200611234527252.job
[2011/12/13 15:00:00 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\GBM - My Files-Full.job
[2011/12/13 14:54:46 | 000,274,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/12 18:50:11 | 000,001,057 | ---- | M] () -- C:\Users\John\AppData\Roaming\vso_ts_preview.xml
[2011/12/11 19:03:56 | 000,584,192 | ---- | M] (OldTimer Tools) -- F:\Users\John\Desktop\OTL.exe
[2011/12/11 18:36:04 | 000,000,386 | -H-- | M] () -- C:\Windows\tasks\My Backup X xml.job
[2011/12/11 15:35:37 | 000,003,360 | ---- | M] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2011/12/11 11:00:00 | 000,001,006 | ---- | M] () -- C:\Windows\tasks\Paragon Archive name arc_230611193001734.job
[2011/12/10 20:14:38 | 001,916,416 | ---- | M] (AVAST Software) -- F:\Users\John\Desktop\aswMBR.exe
[2011/12/10 19:09:41 | 000,025,160 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/12/10 19:00:41 | 000,000,792 | ---- | M] () -- C:\Users\John\AppData\Roaming\SMRBackup210.dat
[2011/12/10 18:24:38 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2011/12/10 18:02:39 | 000,000,386 | -H-- | M] () -- C:\Windows\tasks\My Backup F xml.job
[2011/12/10 11:00:00 | 000,001,024 | ---- | M] () -- C:\Windows\tasks\Paragon Archive name arc_230611155434928.job
[2011/12/09 16:05:18 | 000,000,386 | -H-- | M] () -- C:\Windows\tasks\My Backup C xml.job
[2011/12/06 10:57:48 | 003,852,976 | ---- | M] (Protection Technology) -- C:\Windows\SysNative\drivers\appdrv01.sys
[2011/12/06 10:57:48 | 000,551,896 | ---- | M] (Protection Technology) -- C:\Windows\SysNative\appdrvrem01.exe
[2011/11/23 20:15:37 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/11/23 20:15:37 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/14 16:48:58 | 000,000,512 | ---- | C] () -- F:\Users\John\Desktop\MBR.dat
[2011/12/14 16:47:24 | 000,226,894 | ---- | C] () -- F:\Users\John\Desktop\CPU Managent.jpg
[2011/12/11 11:01:58 | 000,003,360 | ---- | C] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2011/12/10 19:09:26 | 000,025,160 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/12/10 19:00:41 | 000,000,792 | ---- | C] () -- C:\Users\John\AppData\Roaming\SMRBackup210.dat
[2011/12/10 18:24:38 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2011/10/14 23:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/08/14 11:36:29 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2011/07/29 21:07:16 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2011/07/21 16:06:36 | 000,034,308 | ---- | C] () -- C:\Windows\SysWow64\bassmod.dll
[2011/07/15 13:31:50 | 000,099,384 | ---- | C] () -- C:\Users\John\AppData\Roaming\inst.exe
[2011/07/15 13:31:50 | 000,007,859 | ---- | C] () -- C:\Users\John\AppData\Roaming\pcouffin.cat
[2011/07/15 13:31:50 | 000,001,167 | ---- | C] () -- C:\Users\John\AppData\Roaming\pcouffin.inf
[2011/06/17 16:54:48 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dvdtest10024.dat
[2011/06/15 13:38:30 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/05/30 19:10:28 | 000,002,028 | ---- | C] () -- C:\Windows\Earthquake3D.ini
[2011/05/30 10:37:12 | 000,389,120 | ---- | C] () -- C:\Windows\SysWow64\LXDUinst.dll
[2011/05/30 10:37:12 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\lxducomx.dll
[2011/05/30 10:33:29 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\lxducaps.dll
[2011/05/30 10:33:28 | 001,036,288 | ---- | C] () -- C:\Windows\SysWow64\lxdudrs.dll
[2011/05/30 10:33:28 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\lxducnv4.dll
[2011/05/29 20:02:26 | 000,007,605 | ---- | C] () -- C:\Users\John\AppData\Local\Resmon.ResmonCfg
[2011/05/27 21:50:03 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/05/15 19:11:18 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/05/15 19:11:15 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/05/15 19:11:14 | 002,250,024 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/05/15 08:54:10 | 000,000,021 | ---- | C] () -- C:\Windows\VIP Organizer.INI
[2011/05/15 07:18:07 | 000,001,057 | ---- | C] () -- C:\Users\John\AppData\Roaming\vso_ts_preview.xml
[2011/05/15 07:05:12 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/02/26 00:50:32 | 000,000,176 | ---- | C] () -- C:\Windows\explorer.exe.config
[2003/10/06 02:21:31 | 000,000,000 | -H-- | C] () -- C:\ProgramData\sdpsenv.dat

========== LOP Check ==========

[2011/08/31 18:28:46 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\ALK Technologies
[2011/07/21 16:07:10 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\AnyPic Image Resizer Pro
[2011/08/18 13:07:25 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\ASUS
[2011/12/14 20:02:41 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\ASUS WebStorage
[2011/08/18 13:16:15 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\ASUS.AF361EFD06694D11175EA8BF6E21597A36AD9F1D.1
[2011/05/25 14:03:59 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Atari
[2011/07/05 13:47:48 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Bioshock2
[2011/07/01 19:17:35 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\BitTorrent
[2011/10/19 16:51:48 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\BSplayer PRO
[2011/09/05 07:41:39 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Dropbox
[2011/06/17 16:54:50 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\DVD-Cloner
[2011/08/17 19:22:21 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\eCareme
[2011/05/18 03:38:17 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\EfficientPIM
[2011/08/01 17:07:32 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Electronic Arts
[2011/05/15 10:02:25 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\ESET
[2011/05/28 15:37:49 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\GARMIN
[2011/05/16 17:55:25 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Genie-Soft
[2011/07/01 19:17:51 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\GlarySoft
[2011/05/30 17:27:28 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Hothead Games
[2011/06/19 19:06:27 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\IObit
[2011/05/14 22:34:46 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Leadertech
[2011/09/04 19:05:15 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Lionhead Studios
[2011/07/18 19:04:49 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Local
[2011/09/05 07:28:35 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\MEar
[2011/05/28 14:08:31 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\onOne Software
[2011/10/24 19:01:03 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Origin
[2011/11/23 20:15:35 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\PunkBuster
[2011/05/15 09:27:30 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Rovio
[2011/07/17 13:31:34 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\SBSH SafeWallet
[2011/06/12 16:11:06 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\SolSuite
[2011/06/28 15:20:32 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Systweak
[2011/06/04 19:55:34 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Taito Legends
[2011/10/03 19:05:13 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\temp
[2011/06/09 19:20:39 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\The Bat! Pwd
[2011/05/29 07:29:36 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Thinstall
[2011/06/27 13:41:56 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Thunderbird
[2011/09/17 18:53:23 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Unified Remote
[2011/12/12 18:27:08 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Vso
[2011/05/15 16:08:41 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Windows Live Writer
[2011/05/18 15:30:09 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Windows SideBar
[2011/12/13 15:00:00 | 000,000,382 | ---- | M] () -- C:\Windows\Tasks\GBM - My Files-Full.job
[2011/12/14 20:03:22 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2011/12/09 16:05:18 | 000,000,386 | -H-- | M] () -- C:\Windows\Tasks\My Backup C xml.job
[2011/12/10 18:02:39 | 000,000,386 | -H-- | M] () -- C:\Windows\Tasks\My Backup F xml.job
[2011/12/11 18:36:04 | 000,000,386 | -H-- | M] () -- C:\Windows\Tasks\My Backup X xml.job
[2011/12/14 15:06:48 | 000,000,384 | -H-- | M] () -- C:\Windows\Tasks\My Daily C xml.job
[2011/12/14 16:23:44 | 000,000,384 | -H-- | M] () -- C:\Windows\Tasks\My Daily F xml.job
[2011/12/13 18:27:13 | 000,000,384 | -H-- | M] () -- C:\Windows\Tasks\My Daily X xml.job
[2011/12/13 16:00:00 | 000,001,090 | ---- | M] () -- C:\Windows\Tasks\Paragon Archive name arc_200611234527252.job
[2011/12/10 11:00:00 | 000,001,024 | ---- | M] () -- C:\Windows\Tasks\Paragon Archive name arc_230611155434928.job
[2011/12/11 11:00:00 | 000,001,006 | ---- | M] () -- C:\Windows\Tasks\Paragon Archive name arc_230611193001734.job
[2011/12/10 18:11:26 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 80 bytes -> C:\ProgramData\sdpsenv.dat:naughtypirates
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:618D0840

< End of report >

#5
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's try and kill this in one...

Re-Run aswMBR

Click Scan

On completion of the scan, click the Fix button.

Save the log as before and post it in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, and describe how your computer is running now.

#6
thexmanone

    Member

  • Topic Starter
  • Member
  • 10 posts
Thank you again for your reply.

I ran aswMBR; it ran fine, but the Fix button was not clickable.

ComboFix ran fine. I'm still getting warnings from ESET.

ASWMBR Log:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-15 14:13:47
-----------------------------
14:13:47.910 OS Version: Windows x64 6.1.7601 Service Pack 1
14:13:47.910 Number of processors: 4 586 0x2505
14:13:47.917 ComputerName: JOHN-PC UserName: John
14:13:48.238 Initialize success
14:13:50.285 AVAST engine defs: 11121501
14:13:52.550 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
14:13:52.550 Disk 0 Vendor: SAMSUNG_HD203WI 1AN10003 Size: 1907729MB BusType: 3
14:13:52.582 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP7T0L0-9
14:13:52.582 Disk 1 Vendor: INTEL_SSDSA2M080G2GC 2CV102HD Size: 76319MB BusType: 11
14:13:52.582 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP3T0L0-5
14:13:52.582 Disk 2 Vendor: WDC_WD10EADS-11M2B1 80.00A80 Size: 953869MB BusType: 11
14:13:52.589 Disk 3 \Device\Harddisk3\DR3 -> \Device\Ide\IdeDeviceP6T0L0-8
14:13:52.589 Disk 3 Vendor: Hitachi_HDS721010CLA332 JP4OA3EA Size: 953869MB BusType: 11
14:13:54.636 Disk 1 MBR read successfully
14:13:54.636 Disk 1 MBR scan
14:13:54.644 Disk 1 MBR:Pihar-C [Rtk]
14:13:54.644 Disk 1 [email protected] code has been found
14:13:54.644 Disk 1 MBR [TDL4] **ROOTKIT**
14:13:54.660 Service scanning
14:13:54.910 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
14:13:55.441 Modules scanning
14:13:55.441 Disk 1 trace - called modules:
14:13:55.449 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80078e82c0]<<
14:13:55.457 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa80081d3060]
14:13:55.464 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP7T0L0-9[0xfffffa8007f9b060]
14:13:55.472 \Driver\atapi[0xfffffa8007eefe70] -> IRP_MJ_CREATE -> 0xfffffa80078e82c0
14:13:55.800 AVAST engine scan C:\Windows
14:14:02.949 AVAST engine scan C:\Windows\system32
14:16:05.003 AVAST engine scan C:\Windows\system32\drivers
14:16:07.988 AVAST engine scan C:\Users\John
14:17:08.660 AVAST engine scan C:\ProgramData
14:17:19.300 Scan finished successfully
14:17:44.863 Disk 1 MBR has been saved successfully to "F:\Users\John\Desktop\MBR.dat"
14:17:44.863 The log file has been saved successfully to "F:\Users\John\Desktop\aswMBR.txt"


Combo fix Log:

ComboFix 11-12-15.02 - John 12/15/2011 14:19:45.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8183.6002 [GMT -6:00]
Running from: f:\users\John\Desktop\ComboFix.exe
AV: ESET Smart Security 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Local
c:\programdata\Local\en.xml
c:\programdata\Local\netbx.xml
c:\users\John\AppData\Local\ALI213\ALI213Update\ALI213updt32.dll
c:\users\John\AppData\Roaming\inst.exe
c:\users\John\AppData\Roaming\Local
c:\users\John\AppData\Roaming\Microsoft\Windows\Templates\677615x3m187p847b228g4opb0j6
c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\y990vrwc.default\extensions\{7679ae33-b47a-48f8-9d49-a5e85059e7ad}
c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\y990vrwc.default\extensions\{7679ae33-b47a-48f8-9d49-a5e85059e7ad}\chrome.manifest
c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\y990vrwc.default\extensions\{7679ae33-b47a-48f8-9d49-a5e85059e7ad}\chrome\xulcache.jar
c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\y990vrwc.default\extensions\{7679ae33-b47a-48f8-9d49-a5e85059e7ad}\defaults\preferences\xulcache.js
c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\y990vrwc.default\extensions\{7679ae33-b47a-48f8-9d49-a5e85059e7ad}\install.rdf
c:\users\John\AppData\Roaming\vso_ts_preview.xml
F:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-11-15 to 2011-12-15 )))))))))))))))))))))))))))))))
.
.
2011-12-13 20:45 . 2011-11-04 01:34 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-12-13 20:44 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-13 20:44 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-12-13 20:44 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-13 20:44 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-11 21:27 . 2011-12-11 21:28 -------- d-----w- c:\program files\STOPzilla!
2011-12-11 16:59 . 2011-12-11 16:59 -------- d-----w- c:\program files (x86)\Common Files\iS3
2011-12-11 01:49 . 2011-12-11 01:49 -------- d-----w- C:\TDSSKiller_Quarantine
2011-12-11 01:09 . 2011-12-11 01:09 25160 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-12-11 01:07 . 2011-12-11 01:09 -------- d-----w- c:\programdata\Hitman Pro
2011-12-11 00:59 . 2011-12-14 22:07 -------- d-----w- c:\users\John\AppData\Local\NPE
2011-12-11 00:59 . 2011-12-11 00:59 -------- d-----w- c:\programdata\Norton
2011-12-11 00:24 . 2011-12-11 00:45 -------- d-----w- C:\sh4ldr
2011-12-11 00:24 . 2011-12-11 00:24 -------- d-----w- c:\program files (x86)\Enigma Software Group
2011-12-06 22:56 . 2011-12-06 22:56 -------- d-----w- c:\program files (x86)\SEGA
2011-12-06 16:57 . 2011-12-06 16:57 551896 ----a-w- c:\windows\system32\appdrvrem01.exe
2011-12-06 16:57 . 2011-12-06 16:57 3852976 ----a-w- c:\windows\system32\drivers\appdrv01.sys
2011-11-24 02:18 . 2011-11-24 02:18 -------- d-----w- c:\programdata\Ubisoft
2011-11-24 02:15 . 2011-11-24 02:15 -------- d-----w- c:\users\John\AppData\Roaming\PunkBuster
2011-11-24 02:15 . 2011-11-24 02:15 -------- d-----w- c:\program files (x86)\Ubisoft
2011-11-18 20:59 . 2011-11-18 20:59 -------- d-----w- c:\program files\Logitech
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-15 10:59 . 2011-05-17 19:58 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-04 01:25 . 2011-07-01 19:12 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-11-24 02:15 . 2011-05-16 01:11 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-11-24 02:15 . 2011-05-16 01:11 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-11-18 21:00 . 2011-05-15 04:34 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-11-11 11:04 . 2011-05-15 23:25 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-15 08:53 . 2011-11-05 13:19 837952 ----a-w- c:\windows\system32\easyupdatusapiu64.dll
2011-10-15 08:53 . 2011-11-05 13:19 5067584 ----a-w- c:\windows\system32\nvsvc64.dll
2011-10-15 08:53 . 2011-11-05 13:19 222528 ----a-w- c:\windows\system32\nvmctray.dll
2011-10-15 08:53 . 2011-11-05 13:19 1640768 ----a-w- c:\windows\system32\nvvsvc.exe
2011-10-15 08:53 . 2011-11-05 13:19 137536 ----a-w- c:\windows\system32\nvshext.dll
2011-10-15 08:53 . 2011-11-05 13:19 10406208 ----a-w- c:\windows\system32\nvcpl.dll
2011-10-15 08:53 . 2011-11-05 13:17 8791360 ----a-w- c:\windows\system32\nvwgf2umx.dll
2011-10-15 08:53 . 2011-11-05 13:17 7581504 ----a-w- c:\windows\system32\nvcuda.dll
2011-10-15 08:53 . 2011-11-05 13:17 7041856 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2011-10-15 08:53 . 2011-11-05 13:17 68928 ----a-w- c:\windows\system32\OpenCL.dll
2011-10-15 08:53 . 2011-11-05 13:17 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-10-15 08:53 . 2011-11-05 13:17 5578560 ----a-w- c:\windows\SysWow64\nvcuda.dll
2011-10-15 08:53 . 2011-11-05 13:17 2808128 ----a-w- c:\windows\system32\nvapi64.dll
2011-10-15 08:53 . 2011-11-05 13:17 2542912 ----a-w- c:\windows\system32\nvcuvid.dll
2011-10-15 08:53 . 2011-11-05 13:17 24796992 ----a-w- c:\windows\system32\nvcompiler.dll
2011-10-15 08:53 . 2011-11-05 13:17 24742720 ----a-w- c:\windows\system32\nvoglv64.dll
2011-10-15 08:53 . 2011-11-05 13:17 2458432 ----a-w- c:\windows\SysWow64\nvapi.dll
2011-10-15 08:53 . 2011-11-05 13:17 2401088 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2011-10-15 08:53 . 2011-11-05 13:17 2232128 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-10-15 08:53 . 2011-11-05 13:17 2099520 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2011-10-15 08:53 . 2011-11-05 13:17 18871616 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2011-10-15 08:53 . 2011-11-05 13:17 17248576 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2011-10-15 08:53 . 2011-11-05 13:17 15693120 ----a-w- c:\windows\system32\nvd3dumx.dll
2011-10-15 08:53 . 2011-11-05 13:17 1533248 ----a-w- c:\windows\system32\nvdispco64.dll
2011-10-15 08:53 . 2011-11-05 13:17 1454400 ----a-w- c:\windows\system32\nvgenco64.dll
2011-10-15 08:53 . 2011-11-05 13:17 13205312 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2011-10-15 08:53 . 2011-11-05 13:17 12971840 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-10-15 05:54 . 2011-10-15 05:54 321856 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2011-10-06 19:28 . 2010-06-24 16:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-09-29 16:29 . 2011-11-08 21:57 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"2351FD1056AEAD9FF250267962A0697D4BC0A752._service_run"="c:\users\John\AppData\Local\Google\Chrome\Application\chrome.exe" [2011-11-15 1036344]
"VIP Organizer"="f:\program files (x86)\VIP Quality Software\VIP Organizer\VIP Organizer.exe" [2007-10-24 12656769]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe" [2011-08-17 737104]
"Malwarebytes' Anti-Malware"="f:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EvernoteClipper.lnk - x:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2011-8-8 977408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;f:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
R3 ALSysIO;ALSysIO;f:\windows\TEMP\ALSysIO64.sys [x]
R3 dump_wmimmc;dump_wmimmc;f:\program files (x86)\steam\steamapps\common\ava\Binaries\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 esgiguard;esgiguard;c:\program files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 PSMounter;Macrium Reflect Image Explorer Service;c:\windows\system32\drivers\psmounter.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;x:\zune\WMZuneComm.exe [2011-08-05 306400]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 FSProFilter;FSPro File Filter;c:\windows\System32\Drivers\FSPFltd.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 appdrv01;Application Driver (01);c:\windows\system32\Drivers\appdrv01.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/05/17 14:42];f:\program files (x86)\CyberLink\PowerDVD11\PowerDVD11\Common\NavFilter\000.fcl [2011-04-12 09:16 148976]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;f:\program files (x86)\CyberLink\PowerDVD11\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-04-20 83240]
S2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;f:\program files (x86)\CyberLink\PowerDVD11\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-03-31 70952]
S2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;f:\program files (x86)\CyberLink\PowerDVD11\PowerDVD11\Common\MediaServer\CLMSServer.exe [2011-03-31 312616]
S2 D-Link SharePort Helper;D-Link SharePort Helper;x:\program files\D-Link\SharePort Utility\Spnuhelper.exe [2009-12-11 49152]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;f:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-01-12 810144]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S2 GenieTimelineService;Genie Timeline Service;f:\program files\Genie-Soft\Genie Timeline\GenieTimelineService.exe [2011-01-11 468096]
S2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe [2009-10-16 1039360]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe [2011-05-17 66560]
S2 ntk_PowerDVD;ntk_PowerDVD;f:\program files (x86)\CyberLink\PowerDVD11\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2011-04-20 75248]
S2 OODefragAgent;O&O Defrag;f:\program files\OO Software\Defrag\oodag.exe [2011-01-25 3136328]
S2 ReflectService;Macrium Reflect Image Mounting Service;x:\program files\Macrium\Reflect\ReflectService.exe [2009-11-05 294880]
S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2011-10-24 520040]
S2 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2011-11-10 370504]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
S2 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
S3 RTCore64;RTCore64;f:\program files (x86)\EVGA Precision\RTCore64.sys [2011-12-07 13416]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-15 c:\windows\Tasks\GlaryInitialize.job
- f:\program files (x86)\Glary Utilities\initialize.exe [2011-05-25 14:07]
.
2011-12-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1074675625-3414863663-3306549137-1000Core.job
- c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-27 00:46]
.
2011-12-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1074675625-3414863663-3306549137-1000UA.job
- c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-27 00:46]
.
2011-12-09 c:\windows\Tasks\My Backup C xml.job
- x:\program files\Macrium\Reflect\reflect.exe [2009-11-17 16:44]
.
2011-12-11 c:\windows\Tasks\My Backup F xml.job
- x:\program files\Macrium\Reflect\reflect.exe [2009-11-17 16:44]
.
2011-12-12 c:\windows\Tasks\My Backup X xml.job
- x:\program files\Macrium\Reflect\reflect.exe [2009-11-17 16:44]
.
2011-12-14 c:\windows\Tasks\My Daily C xml.job
- x:\program files\Macrium\Reflect\reflect.exe [2009-11-17 16:44]
.
2011-12-14 c:\windows\Tasks\My Daily F xml.job
- x:\program files\Macrium\Reflect\reflect.exe [2009-11-17 16:44]
.
2011-12-14 c:\windows\Tasks\My Daily X xml.job
- x:\program files\Macrium\Reflect\reflect.exe [2009-11-17 16:44]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2010-11-16 104008]
"mylbx"="f:\program files\My Lockbox\mylbx.exe" [2010-11-09 1792224]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
"egui"="f:\program files\ESET\ESET Smart Security\egui.exe" [2011-01-12 2918656]
"OODefragTray"="f:\program files\OO Software\Defrag\oodtray.exe" [2011-01-25 4012360]
"lxdumon.exe"="c:\program files (x86)\Lexmark 5600-6600 Series\lxdumon.exe" [2010-02-04 676520]
"EzPrint"="c:\program files (x86)\Lexmark 5600-6600 Series\ezprint.exe" [2010-02-04 131752]
"Zune Launcher"="x:\zune\ZuneLauncher.exe" [2011-08-05 163552]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.warez-bb.org/index.php?sid=6d6be0ff945591d5cc53ee7b890106a7
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Evernote 4.0 - x:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://x:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
TCP: DhcpNameServer = 192.168.0.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\y990vrwc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.warez-bb.org/index.php?sid=6d6be0ff945591d5cc53ee7b890106a7|http://n4g.com/|http://www.gamerangels.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-ALI213Data - c:\users\John\AppData\Local\ALI213\ALI213Data\ALI213data.DLL
Wow6432Node-HKLM-Run-TaskTray - (no file)
AddRemove-{173F2B02-2AAA-414F-A2D8-44870BB98F7A} - c:\program files (x86)\InstallShield Installation Information\{173F2B02-2AAA-414F-A2D8-44870BB98F7A}\setup.exe
AddRemove-{578485F8-60F3-4C61-9183-0698E581B902} - c:\program files (x86)\InstallShield Installation Information\{578485F8-60F3-4C61-9183-0698E581B902}\setup.exe
AddRemove-{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B} - c:\program files (x86)\InstallShield Installation Information\{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\f:\program files (x86)\CyberLink\PowerDVD11\PowerDVD11\Common\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:fa,47,f0,8b,da,5d,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,95,18,11,f3,e2,57,9a,4e,ad,7c,a0,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,95,18,11,f3,e2,57,9a,4e,ad,7c,a0,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Setup"="020B717-6151-D8BF-2E1E-F812"
"Licence"="0108804-1F5A-6507-CB3C-E8BB"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG14.00.00.01PROFESSIONAL"="37B276712EA7C8A8A747F66663EA67C6C015821F6DE9027D36DB49CDEFF847A7C58FE3B4729800A61E2405A16F3C1D2B93E0F1F2B4AE248332C55138157E5B828B07C3D966FBD26B670ED7525548BB7BB4933EFC02F405F8D9C2DC6974AFD7D4C974A6CF5B02D55FEA70CA029AA23289CDC931FBAFCE92B6403F43FB5EBEC7A217B4102B351DCDCE623C305E599C248861A50759AB91EC7C472DCFADB422E853DC2CF724EA8537EAFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B98088EDD5E5BE2F6E667A2D97226D213B555A6171C11EC38DE3D844B93925362651A0BEE25079AADE886EA3CE671402FA1D9DA9A00CC81A579E7144035084E85C02FE2EAC7F206BF6C869AA720B59109AD624323C95DB6BBD6A6A89AC0F351C78D08B0C60EAF55AE5181046B3628978F4FD286687022F2CD079720E3B76EBA38406454FC274D7648C87E2D15246FF6F4159BF0275DFCB20D1934AA2A92AFF7A70266858CB7FE6F21BBE9F1B4DD5A6A2C439122206E7302ED4BDBCC003A978B2C3197CCF6D69CD68F421601DD45593DED50EE0F1775AF84A9125061798FAA0E22DE6087C490A2D8B02CB4DC273501D1B6E7D07DD4B980EE3D17B89231E58D2AA4D09369FEE432B7DF7CE0DC2C7A0B1D45E9B80BA774560E6A371EE2C4020D9F9801617735498CC5C268152A8D5552281E6A8B27DD53473E3602702655A017C0219BE30AF8249B6D41DAB2C56FFADA120A301415CE798EF169BC01060970BD762C031550E3D1E92884F27C01F795478916B7FDEBCFFB88B0905F08FD0995B93AE4CCD4CB8CA3A888FC031D03D342615510AE5B99C0E43893FD169D5F8425E41CBDC2E5D214DB2AB0DD119F45B11095CE8EF9A2DB80334349C6C1C0D02B2B3E406E62708E9CB368DB1D57F4994606F3E26832AAC773D77293C377D448B327E8DBEF5CFEFBCCD6FDD376C5F020489BB391B89F344403B83549127F2013570AAB3C011702EDCFE4A97969FDCC50743F2DF162C45D0D9C311D5493554B54D3BDF0BF232B4C8AD372D142395724758A505B2E87D42EB32F0DDF34EBAA677DEA1B48D91EE615CA0B867D356C5BF8AECCA6600111350F19B091D6790564E4D96272649178CBF7FC2C1FD7EE4FC82DED0408813CAA83CCF619F1804B0C9A1A0503061C02058F75C1F2AA319F70918A79FAB3A646C48E1A5965D9FE64F298C2701C0D6BDB529BEE8F1D0E7D0B21DD3EEC0259DE97135A0B1F96E597916DE07CE07EB26FE0B80CAD316DA0D40B7B07D6376C1ED7BD0F9D997BB02A34B6F5A6C9ED7F166CE8D0345B432BAEF38A591BCA1B129CE95BF24423F63BA96348485
3110679C9C7DE791909B89F77388AD95EEF2F4F608AA2406DE8ED456157D2E6811EE8C8D58E43D474A8"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
f:\program files\Genie-Soft\Genie Timeline\x86\WebServer\PHP\php-cgi.exe
f:\program files\Genie-Soft\Genie Timeline\x86\WebServer\nginx\GSTimeLineSearch.exe
f:\program files\Genie-Soft\Genie Timeline\x86\WebServer\nginx\GSTimeLineSearch.exe
c:\program files (x86)\Windows Media Player\wmplayer.exe
f:\program files (x86)\EVGA Precision\EVGAPrecision.exe
.
**************************************************************************
.
Completion time: 2011-12-15 14:25:06 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-15 20:25
.
Pre-Run: 50,289,008,640 bytes free
Post-Run: 49,642,291,200 bytes free
.
- - End Of File - - 200F6F42B027F32204747FB8EFD185FB


I'm also attaching a screenshot of the ESET warning: Alert.jpg
  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm, this is the second one of these I have come across

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right
Posted Image


Select down to and including your main drive. Once done, select the Automatic scan tab and press Start Scan
Posted Image

Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post


Now the Analysis

Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information

Posted Image

On completion click the link to locate the zip file to upload and attach to your next post

Posted Image
Megaupload
  • 0

#8
thexmanone

thexmanone

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Ok got everything you asked for.

AVP LOG:

Status: Absent (events: 2)
12/15/2011 6:54:36 PM Not found Trojan program Rootkit.Boot.Pihar.b \Device\Harddisk1\DR1 High
12/15/2011 6:54:36 PM Not found virus HEUR:Trojan.Win32.Generic C:\Qoobox\Quarantine\C\Users\John\AppData\Local\ALI213\ALI213Update\ALI213updt32.dll.vir High
Status: Deleted (events: 7)
12/15/2011 4:00:21 PM Deleted Trojan program Rootkit.Boot.Pihar.b C:\TDSSKiller_Quarantine\10.12.2011_19.47.46\mbr0000\mbr0000\tsk0000.dta High
12/15/2011 4:00:21 PM Deleted Trojan program Rootkit.Boot.Pihar.b C:\TDSSKiller_Quarantine\14.12.2011_16.06.29\mbr0000\mbr0000\tsk0000.dta High
12/15/2011 5:39:57 PM Deleted Trojan program Trojan.Win32.Jorik.IRCbot.cub D:\Transtemp\ZsEyNv1.1.4215\Lz0\keyfilemaker.exe High
12/15/2011 10:40:53 PM Deleted Trojan program Trojan-Spy.HTML.Fraud.gen F:\Users\John\Appdata\Local\Microsoft\Windows Live Mail\Gmail (thex 60f\[Gmail]\Spam\593C1C7F-00028B0B.eml High
12/15/2011 10:40:53 PM Deleted Trojan program Trojan-Spy.HTML.Fraud.gen F:\Users\John\Appdata\Local\Microsoft\Windows Live Mail\Gmail (thex 60f\[Gmail]\Spam\593C1C7F-00028B0B.eml//[From "CHASE"<[email protected]>][Date 19 Apr 2011 09:28:17][Subj Update Your Online Account]/html High
12/15/2011 10:41:47 PM Deleted Trojan program Rootkit.Boot.Pihar.b F:\Users\John\Desktop\MBR.dat High
12/15/2011 10:45:23 PM Deleted Trojan program Rootkit.Boot.Pihar.b F:\Users\John\Downloads\delete\MBRCheck_MBR_Backup_12-11-11_16-18-40.bak High
Status: Disinfected (events: 8)
12/15/2011 7:10:34 PM Disinfected Trojan program Rootkit.Boot.Pihar.b D:\_Genie Timeline\0\C\TDSSKiller_Quarantine\10.12.2011_19.47.46\mbr0000\mbr0000\tsk0000.dta.0.zip/tsk0000.dta High
12/15/2011 7:10:34 PM Disinfected Trojan program Rootkit.Boot.Pihar.b D:\_Genie Timeline\0\C\TDSSKiller_Quarantine\10.12.2011_19.47.46\mbr0000\mbr0000\tsk0000.dta.0.zip High
12/15/2011 7:10:35 PM Disinfected Trojan program Rootkit.Boot.Pihar.b D:\_Genie Timeline\0\C\TDSSKiller_Quarantine\14.12.2011_16.06.29\mbr0000\mbr0000\tsk0000.dta.0.zip/tsk0000.dta High
12/15/2011 7:10:35 PM Disinfected Trojan program Rootkit.Boot.Pihar.b D:\_Genie Timeline\0\C\TDSSKiller_Quarantine\14.12.2011_16.06.29\mbr0000\mbr0000\tsk0000.dta.0.zip High
12/15/2011 8:49:19 PM Disinfected Trojan program Rootkit.Boot.Pihar.b D:\_Genie Timeline\0\F\Users\John\Desktop\MBR.dat.0.zip/MBR.dat High
12/15/2011 8:49:19 PM Disinfected Trojan program Rootkit.Boot.Pihar.b D:\_Genie Timeline\0\F\Users\John\Desktop\MBR.dat.2.zip/MBR.dat High
12/15/2011 8:49:19 PM Disinfected Trojan program Rootkit.Boot.Pihar.b D:\_Genie Timeline\0\F\Users\John\Desktop\MBR.dat.0.zip High
12/15/2011 8:49:19 PM Disinfected Trojan program Rootkit.Boot.Pihar.b D:\_Genie Timeline\0\F\Users\John\Desktop\MBR.dat.2.zip High


Zip File:

Zip File
  • 0

#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Once this has run, could you check to see if ESET still detects it?

  • Re-run AVPTool
  • Select the Manual Disinfection tab and press Script execution

    Posted Image
  • Where it states Insert text script in the following box copy the below script and press Run script
    Copy from Begin until End

    Posted Image

    begin
    SetAVZPMStatus(True);
    SetAVZGuardStatus(True);
    SearchRootkit(true, true);
    DeleteFile('C:\Users\John\AppData\Local\ALI213\ALI213Data\ALI213data.DLL');
    BC_DeleteFile('C:\Users\John\AppData\Local\ALI213\ALI213Data\ALI213data.DLL');
    RegKeyParamDel('HKEY_USERS','S-1-5-21-1074675625-3414863663-3306549137-1011\Software\Microsoft\Windows\CurrentVersion\Run','ALI213Data');
    BC_ImportDeletedList;
    BC_ImportAll;
    ExecuteSysClean;
    BC_Activate;
    RebootWindows(true);
    end.

  • Your system will reboot on completion, if it does not please do so yourself
  • On completion please run another analysis scan and attach the zip file

  • 0

#10
thexmanone

thexmanone

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Hello,

Ok, I did as instructed and everything ran fine, but ESET still detects the trojan.
One good thing is I have not had any system lockups.

I'm attaching the zip file you asked for.


Thank you again for trying to figure this out.
It's driving me nuts. I could get Norton Internet Security free with my ISP. Do you think I should uninstall ESET and use Norton?



Attached File  avptool_sysinfo.zip   12.15KB   47 downloads

Edited by thexmanone, 16 December 2011 - 03:22 PM.

  • 0


#11
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Can you burn a CD ?

1. Please download the following: gparted-live-0.10.0-3.iso (115 MB)

When you have the .ISO file downloaded, you need to create a bootable disk or flash drive with it, using a clean PC to do that. The .ISO file is a disk image. It should NOT be burned as a regular file. You need a program like BurnAware Free or ImgBurn that can burn an .ISO image. I think a CD is best as there is no way anything can write on it after it is made, but the USB may be more convenient and easier.


2. Now, please boot off of the newly created GParted CD. See How to Set BIOS to Boot from CDROM for information on how to boot from the CD.

You should arrive at the following screen:
Posted Image
Press the ENTER key

Posted Image
By default, "do not touch keymap" is highlighted. Leave this setting alone and press the ENTER key.

Posted Image
Next, choose your language and press the ENTER key. English is the default setting [33]

Posted Image
Once again, at this prompt, press the ENTER key.

You will now be taken to the main GUI screen below
Posted Image

Please take a picture of this screen (camera or phone pictures will work just fine), and post it here for me to see. It is very important that you complete this step.
  • 0

#12
thexmanone

thexmanone

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Ok got it





gparted.jpg
  • 0

#13
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
The unallocated partition may be the problem, so with GParted we will move it.

Select the top partition
Select Resize/Move from the top bar
Do not change the "free space preceding" value
Resize the partition to include the 1.71Mb unallocated space

To specify the size and the location of the partition, use one or a combination of the following:

Click-and-hold the arrow at the right end of the graphic area. Drag the arrow right within the display range.

The application refreshes both the graphic area and the numbers beside the three field labels.


See the screen shot for details


  • 0
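The post above suspects the unallocated space left after the partitions. As an added example (not Essexboy's or the thread's own code), here is a small Python parser for a raw 512-byte MBR dump such as the MBR.dat that aswMBR saved earlier in the thread: it lists the partition table entries, computes how many sectors lie after the last partition, and hashes the boot code so that two dumps (say, before and after a repair) can be compared. The sample MBR and the disk size are constructed for the demonstration and are not the poster's disk.

```python
"""Inspect a raw MBR dump: partition entries, trailing unallocated space,
and a hash of the boot code for before/after comparison.
Added example for this thread; the sample MBR below is constructed."""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440        # boot code precedes the 4-byte disk signature
TABLE_OFFSET = 0x1BE       # four 16-byte partition entries
SIGNATURE_OFFSET = 0x1FE   # 0x55 0xAA
ENTRY_FMT = "<B3sB3sII"    # status, CHS start, type, CHS end, LBA start, sector count


def parse_mbr(mbr: bytes) -> list:
    """Return the non-empty partition entries of a 512-byte MBR as dicts."""
    if len(mbr) < SECTOR:
        raise ValueError("MBR dump must be at least 512 bytes")
    if mbr[SIGNATURE_OFFSET:SIGNATURE_OFFSET + 2] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for i in range(4):
        off = TABLE_OFFSET + 16 * i
        status, _, ptype, _, lba_start, sectors = struct.unpack_from(ENTRY_FMT, mbr, off)
        if ptype == 0 and sectors == 0:
            continue  # unused slot
        entries.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "lba_end": lba_start + sectors - 1,
            "sectors": sectors,
        })
    return entries


def trailing_unallocated(entries: list, disk_sectors: int) -> int:
    """Sectors between the end of the last partition and the end of the disk."""
    if not entries:
        return disk_sectors
    last_end = max(e["lba_end"] for e in entries)
    return max(0, disk_sectors - (last_end + 1))


def boot_code_hash(mbr: bytes) -> str:
    """SHA-256 of the boot code only, so dumps taken before and after a
    repair can be compared without the partition table getting in the way."""
    return hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()


def build_sample_mbr(parts) -> bytes:
    """Construct a 512-byte MBR from (status, type, lba_start, sectors) tuples.
    CHS fields are set to the usual 0xFE 0xFF 0xFF 'LBA only' marker."""
    mbr = bytearray(SECTOR)
    for i, (status, ptype, lba_start, sectors) in enumerate(parts):
        struct.pack_into(ENTRY_FMT, mbr, TABLE_OFFSET + 16 * i,
                         status, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff",
                         lba_start, sectors)
    mbr[SIGNATURE_OFFSET:SIGNATURE_OFFSET + 2] = b"\x55\xaa"
    return bytes(mbr)


# Constructed sample: a small boot partition plus one NTFS volume (type 0x07),
# with 3152 sectors (about 1.5 MiB) left over at the end of the disk.
SAMPLE_DISK_SECTORS = 156_210_000
SAMPLE_MBR = build_sample_mbr([
    (0x80, 0x07, 2048, 204800),
    (0x00, 0x07, 206848, 156_000_000),
])


def report(mbr: bytes, disk_sectors: int) -> str:
    """Human-readable summary of the partition table and the trailing gap."""
    lines = [f"boot code sha256: {boot_code_hash(mbr)}"]
    entries = parse_mbr(mbr)
    for e in entries:
        flag = "*" if e["bootable"] else " "
        lines.append(f"{flag} #{e['index']} type 0x{e['type']:02x} "
                     f"LBA {e['lba_start']}-{e['lba_end']} ({e['sectors']} sectors)")
    gap = trailing_unallocated(entries, disk_sectors)
    lines.append(f"unallocated after last partition: {gap} sectors "
                 f"({gap * SECTOR / 2**20:.2f} MiB)")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_MBR, SAMPLE_DISK_SECTORS))
```

To run it against a real dump, replace SAMPLE_MBR with `open("MBR.dat", "rb").read()` and pass the disk's true sector count; a non-zero trailing gap is only a prompt to look closer, since a few sectors of alignment slack after the last partition is normal on many disks.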

#14
thexmanone

thexmanone

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Hello,

I think I may have moved the slider the wrong way.
Can you take a look at the pic that I have attached?
As you can see in the pic, the unallocated space is now 3 megs.

If I did it wrong, and once the program runs its course, should I do it again?



gparted1.jpg
  • 0

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hit the cancel button and try again
  • 0
