Help to Remove Boot.Tidserv


#1 yuri_yuri
New Member | 8 posts

Since we do a lot of streaming, I'm not sure how we acquired Boot.Tidserv, but Norton has detected it as a threat and can't get rid of it. I have already used Norton Power Eraser and TDSSKiller; they both can't detect the virus. Furthermore, I read in a lot of forums that this virus can survive re-installation of the Operating System, and I have already re-installed the Operating System twice and Norton still pops up with the threat. My computer seems to be running okay right now because I just re-installed the OS, but I'm afraid that soon enough the virus will creep up again; it was re-directing all my sites and freezing my computer. Also, my computer had a hard time booting up; it wouldn't even re-install the OS with the system restore partition, and Dell had to send out a Windows disc for me to re-install the OS. Please help me get rid of this nasty virus/malware! I'm not the most computer literate person, so help will be greatly appreciated!

This is what Norton says:

Boot.Tidserv - Removal failed for this threat. Master boot record infection: Drive 0x80.

Here is my OTL log:


OTL logfile created on: 12/16/2011 3:29:02 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Sou Xiong\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.80 Gb Total Physical Memory | 4.06 Gb Available Physical Memory | 69.99% Memory free
11.61 Gb Paging File | 9.88 Gb Available in Paging File | 85.09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 688.72 Gb Total Space | 664.83 Gb Free Space | 96.53% Space Free | Partition Type: NTFS
Drive D: | 9.88 Gb Total Space | 4.09 Gb Free Space | 41.44% Space Free | Partition Type: NTFS

Computer Name: SOUXIONG-PC | User Name: Sou Xiong | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/16 15:27:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sou Xiong\Downloads\OTL.exe
PRC - [2010/11/23 18:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\5.0.0.125\ccSvcHst.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/07 03:16:28 | 000,411,192 | ---- | M] () -- C:\Users\Sou Xiong\AppData\Local\Google\Chrome\Application\16.0.912.63\ppgooglenaclpluginchrome.dll
MOD - [2011/12/07 03:16:27 | 003,767,864 | ---- | M] () -- C:\Users\Sou Xiong\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
MOD - [2011/12/07 03:14:56 | 000,122,952 | ---- | M] () -- C:\Users\Sou Xiong\AppData\Local\Google\Chrome\Application\16.0.912.63\avutil-51.dll
MOD - [2011/12/07 03:14:55 | 000,222,280 | ---- | M] () -- C:\Users\Sou Xiong\AppData\Local\Google\Chrome\Application\16.0.912.63\avformat-53.dll
MOD - [2011/12/07 03:14:53 | 001,746,504 | ---- | M] () -- C:\Users\Sou Xiong\AppData\Local\Google\Chrome\Application\16.0.912.63\avcodec-53.dll
MOD - [2011/12/06 23:22:33 | 008,593,056 | ---- | M] () -- C:\Users\Sou Xiong\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/08/11 15:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/11/23 18:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\5.0.0.125\ccSvcHst.exe -- (N360)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/12/16 14:14:01 | 000,174,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/07/22 08:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 13:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2010/11/30 21:24:00 | 000,382,072 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0500000.07D\symnets.sys -- (SYMNETS)
DRV:64bit: - [2010/11/23 16:12:00 | 001,579,520 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/11/22 20:08:32 | 000,735,864 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0500000.07D\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/11/22 20:08:32 | 000,040,568 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0500000.07D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2010/11/20 19:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 19:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 19:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 19:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/20 19:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/17 18:59:55 | 000,802,864 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0500000.07D\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2010/11/15 17:45:33 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0500000.07D\Ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/10/20 18:28:36 | 000,450,608 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0500000.07D\SymDS64.sys -- (SymDS)
DRV:64bit: - [2010/09/30 11:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/09/30 11:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/08/20 20:59:12 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/11/21 16:31:18 | 007,778,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/10/30 06:56:34 | 000,244,736 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2009/10/16 02:32:24 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2011/12/15 01:00:00 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20111215.002\ex64.sys -- (NAVEX15)
DRV - [2011/12/15 01:00:00 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20111215.002\eng64.sys -- (NAVENG)
DRV - [2010/11/22 20:21:16 | 000,953,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20101123.003\BHDrvx64.sys -- (BHDrvx64)
DRV - [2010/11/10 17:46:29 | 000,476,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20101201.001\IDSviA64.sys -- (IDSVia64)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.com"

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sou Xiong\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sou Xiong\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2011/12/16 14:14:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn\ [2011/12/16 14:13:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/15 19:24:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/12/15 19:24:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sou Xiong\AppData\Roaming\Mozilla\Extensions
[2011/12/15 19:24:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/20 20:04:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/11/20 17:04:05 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/20 17:04:05 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Sou Xiong\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Sou Xiong\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sou Xiong\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Sou Xiong\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: Google Search = C:\Users\Sou Xiong\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Gmail = C:\Users\Sou Xiong\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\

O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg64.dll (Google Inc.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.0.0.125\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.0.0.125\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.0.0.125\CoIEPlg.dll (Symantec Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15862262-28BD-456E-B214-47478D9C9B33}: DhcpNameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/04/30 14:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/16 15:12:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2011/12/16 14:14:01 | 000,174,640 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011/12/16 14:14:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/12/16 14:14:01 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/12/16 14:13:51 | 000,802,864 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0500000.07D\SymEFA64.sys
[2011/12/16 14:13:51 | 000,735,864 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0500000.07D\srtsp64.sys
[2011/12/16 14:13:51 | 000,450,608 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0500000.07D\SymDS64.sys
[2011/12/16 14:13:51 | 000,382,072 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0500000.07D\symnets.sys
[2011/12/16 14:13:51 | 000,171,128 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0500000.07D\Ironx64.sys
[2011/12/16 14:13:51 | 000,040,568 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0500000.07D\srtspx64.sys
[2011/12/16 14:13:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
[2011/12/16 14:13:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\0500000.07D
[2011/12/16 14:13:46 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
[2011/12/16 14:13:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Security Suite
[2011/12/16 14:13:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2011/12/16 14:06:16 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/12/16 13:26:41 | 000,000,000 | ---D | C] -- C:\Users\Sou Xiong\AppData\Local\CrashDumps
[2011/12/16 13:09:04 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/12/16 13:08:13 | 000,000,000 | ---D | C] -- C:\Users\Sou Xiong\AppData\Roaming\SUPERAntiSpyware.com
[2011/12/16 13:08:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/12/16 13:08:05 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/12/16 13:08:05 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/12/16 13:07:51 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/12/16 12:56:02 | 000,000,000 | ---D | C] -- C:\temp
[2011/12/16 12:52:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Trend Micro
[2011/12/16 12:42:23 | 000,000,000 | ---D | C] -- C:\Users\Sou Xiong\AppData\Roaming\Tific
[2011/12/15 22:18:55 | 000,000,000 | ---D | C] -- C:\Users\Sou Xiong\AppData\Roaming\Malwarebytes
[2011/12/15 22:18:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/15 22:18:48 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/12/15 21:47:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2011/12/15 21:14:00 | 000,000,000 | ---D | C] -- C:\Users\Sou Xiong\AppData\Local\NPE
[2011/12/15 21:09:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2011/12/15 21:08:56 | 000,000,000 | ---D | C] -- C:\Users\Sou Xiong\Documents\Symantec
[2011/12/15 21:08:56 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011/12/15 20:47:52 | 001,579,520 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athrx.sys
[2011/12/15 20:47:52 | 001,579,520 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\athrx.sys
[2011/12/15 20:47:52 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2011/12/15 20:47:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DW
[2011/12/15 20:47:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Dell
[2011/12/15 20:47:32 | 000,000,000 | ---D | C] -- C:\Users\Sou Xiong\AppData\Roaming\InstallShield
[2011/12/15 20:45:41 | 000,000,000 | ---D | C] -- C:\Users\Sou Xiong\Desktop\Music
[2011/12/15 20:35:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/12/15 20:11:59 | 000,000,000 | ---D | C] -- C:\Macromedia
[2011/12/15 19:29:26 | 000,000,000 | ---D | C] -- C:\Users\Sou Xiong\AppData\Roaming\Google
[2011/12/15 19:29:17 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2011/12/15 19:27:15 | 000,000,000 | ---D | C] -- C:\Users\Sou Xiong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/12/15 19:24:34 | 000,000,000 | ---D | C] -- C:\Users\Sou Xiong\AppData\Roaming\Mozilla
[2011/12/15 19:24:34 | 000,000,000 | ---D | C] -- C:\Users\Sou Xiong\AppData\Local\Mozilla
[2011/12/15 19:24:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011/12/15 19:22:22 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/12/15 19:22:12 | 000,000,000 | ---D | C] -- C:\Users\Sou Xiong\AppData\Local\Google
[2011/12/15 19:22:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2011/12/15 19:22:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2011/12/15 19:22:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2011/12/15 19:22:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011/12/15 19:06:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2011/12/15 19:06:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2011/12/15 19:06:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2011/12/15 19:06:30 | 000,000,000 | ---D | C] -- C:\Intel
[2011/12/15 19:06:28 | 000,004,096 | ---- | C] ( ) -- C:\Windows\SysNative\IGFXDEVLib.dll
[2011/12/15 18:49:41 | 000,000,000 | ---D | C] -- C:\Users\Sou Xiong\AppData\Roaming\Macromedia
[2011/12/15 18:49:41 | 000,000,000 | ---D | C] -- C:\Users\Sou Xiong\AppData\Roaming\Adobe
[2011/12/15 18:49:18 | 000,000,000 | ---D | C] -- C:\ProgramData\iolo
[2011/12/15 18:48:57 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom
[2011/12/15 18:48:36 | 000,000,000 | ---D | C] -- C:\Windows\Dell
[2011/12/15 18:48:21 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2011/12/15 18:48:17 | 000,000,000 | ---D | C] -- C:\Users\Sou Xiong\AppData\Local\Downloaded Installations
[2011/12/15 18:47:57 | 000,000,000 | ---D | C] -- C:\dell
[2011/12/15 18:12:11 | 000,000,000 | ---D | C] -- C:\Users\Sou Xiong\AppData\Local\Diagnostics
[2011/12/15 17:26:37 | 000,000,000 | R--D | C] -- C:\Users\Sou Xiong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/12/15 17:26:37 | 000,000,000 | R--D | C] -- C:\Users\Sou Xiong\Searches
[2011/12/15 17:26:37 | 000,000,000 | R--D | C] -- C:\Users\Sou Xiong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/12/15 17:26:37 | 000,000,000 | -H-D | C] -- C:\Users\Sou Xiong\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/12/15 17:26:29 | 000,000,000 | ---D | C] -- C:\Users\Sou Xiong\AppData\Roaming\Identities
[2011/12/15 17:26:28 | 000,000,000 | R--D | C] -- C:\Users\Sou Xiong\Contacts
[2011/12/15 17:26:26 | 000,000,000 | ---D | C] -- C:\Users\Sou Xiong\AppData\Local\VirtualStore
[2011/12/15 17:26:20 | 000,000,000 | -HSD | C] -- C:\Users\Sou Xiong\AppData\Local\Temporary Internet Files
[2011/12/15 17:26:20 | 000,000,000 | -HSD | C] -- C:\Users\Sou Xiong\Templates
[2011/12/15 17:26:20 | 000,000,000 | -HSD | C] -- C:\Users\Sou Xiong\Start Menu
[2011/12/15 17:26:20 | 000,000,000 | -HSD | C] -- C:\Users\Sou Xiong\SendTo
[2011/12/15 17:26:20 | 000,000,000 | -HSD | C] -- C:\Users\Sou Xiong\Recent
[2011/12/15 17:26:20 | 000,000,000 | -HSD | C] -- C:\Users\Sou Xiong\PrintHood
[2011/12/15 17:26:20 | 000,000,000 | -HSD | C] -- C:\Users\Sou Xiong\NetHood
[2011/12/15 17:26:20 | 000,000,000 | -HSD | C] -- C:\Users\Sou Xiong\Documents\My Videos
[2011/12/15 17:26:20 | 000,000,000 | -HSD | C] -- C:\Users\Sou Xiong\Documents\My Pictures
[2011/12/15 17:26:20 | 000,000,000 | -HSD | C] -- C:\Users\Sou Xiong\Documents\My Music
[2011/12/15 17:26:20 | 000,000,000 | -HSD | C] -- C:\Users\Sou Xiong\My Documents
[2011/12/15 17:26:20 | 000,000,000 | -HSD | C] -- C:\Users\Sou Xiong\Local Settings
[2011/12/15 17:26:20 | 000,000,000 | -HSD | C] -- C:\Users\Sou Xiong\AppData\Local\History
[2011/12/15 17:26:20 | 000,000,000 | -HSD | C] -- C:\Users\Sou Xiong\Cookies
[2011/12/15 17:26:20 | 000,000,000 | -HSD | C] -- C:\Users\Sou Xiong\Application Data
[2011/12/15 17:26:20 | 000,000,000 | -HSD | C] -- C:\Users\Sou Xiong\AppData\Local\Application Data
[2011/12/15 17:26:19 | 000,000,000 | --SD | C] -- C:\Users\Sou Xiong\AppData\Roaming\Microsoft
[2011/12/15 17:26:19 | 000,000,000 | R--D | C] -- C:\Users\Sou Xiong\Videos
[2011/12/15 17:26:19 | 000,000,000 | R--D | C] -- C:\Users\Sou Xiong\Saved Games
[2011/12/15 17:26:19 | 000,000,000 | R--D | C] -- C:\Users\Sou Xiong\Pictures
[2011/12/15 17:26:19 | 000,000,000 | R--D | C] -- C:\Users\Sou Xiong\Music
[2011/12/15 17:26:19 | 000,000,000 | R--D | C] -- C:\Users\Sou Xiong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/12/15 17:26:19 | 000,000,000 | R--D | C] -- C:\Users\Sou Xiong\Links
[2011/12/15 17:26:19 | 000,000,000 | R--D | C] -- C:\Users\Sou Xiong\Favorites
[2011/12/15 17:26:19 | 000,000,000 | R--D | C] -- C:\Users\Sou Xiong\Downloads
[2011/12/15 17:26:19 | 000,000,000 | R--D | C] -- C:\Users\Sou Xiong\Documents
[2011/12/15 17:26:19 | 000,000,000 | R--D | C] -- C:\Users\Sou Xiong\Desktop
[2011/12/15 17:26:19 | 000,000,000 | R--D | C] -- C:\Users\Sou Xiong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/12/15 17:26:19 | 000,000,000 | -H-D | C] -- C:\Users\Sou Xiong\AppData
[2011/12/15 17:26:19 | 000,000,000 | ---D | C] -- C:\Users\Sou Xiong\AppData\Local\Temp
[2011/12/15 17:26:19 | 000,000,000 | ---D | C] -- C:\Users\Sou Xiong\AppData\Local\Microsoft
[2011/12/15 17:26:19 | 000,000,000 | ---D | C] -- C:\Users\Sou Xiong\AppData\Roaming\Media Center Programs
[2011/12/15 17:26:15 | 000,000,000 | -HSD | C] -- C:\Recovery
[2011/12/15 17:26:12 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011/12/15 17:10:57 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2011/12/15 17:10:27 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011/12/15 17:10:02 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2011/12/15 17:09:48 | 000,000,000 | -HSD | C] -- C:\Boot
[2011/12/15 17:09:31 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\OEM
[2011/12/15 17:09:31 | 000,000,000 | ---D | C] -- C:\Hotfix
[2011/12/15 17:09:31 | 000,000,000 | ---D | C] -- C:\Drivers

========== Files - Modified Within 30 Days ==========

[2011/12/16 15:30:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3294813628-113654155-1447036474-1000UA.job
[2011/12/16 15:13:46 | 000,745,136 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/16 15:13:46 | 000,638,330 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/16 15:13:46 | 000,110,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/16 14:32:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/16 14:19:43 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/16 14:19:43 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/16 14:14:13 | 001,305,420 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0500000.07D\Cat.DB
[2011/12/16 14:14:01 | 000,174,640 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011/12/16 14:14:01 | 000,007,440 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011/12/16 14:14:01 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2011/12/16 14:13:56 | 000,002,590 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Suite.lnk
[2011/12/16 14:13:30 | 000,001,366 | ---- | M] () -- C:\Users\Sou Xiong\Desktop\Norton Installation Files.lnk
[2011/12/16 14:12:38 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/16 14:12:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/16 14:12:26 | 378,888,191 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/16 13:25:59 | 000,017,408 | ---- | M] () -- C:\Users\Sou Xiong\AppData\Local\WebpageIcons.db
[2011/12/16 13:24:14 | 001,306,824 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011/12/16 13:08:07 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/12/16 13:07:46 | 000,512,992 | ---- | M] () -- C:\Users\Sou Xiong\Desktop\sdsetup_revwire207.exe
[2011/12/15 19:30:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3294813628-113654155-1447036474-1000Core.job
[2011/12/15 19:27:16 | 000,002,335 | ---- | M] () -- C:\Users\Sou Xiong\Desktop\Google Chrome.lnk
[2011/12/15 19:25:39 | 000,001,102 | ---- | M] () -- C:\Users\Sou Xiong\Desktop\Documents.lnk
[2011/12/15 19:24:31 | 000,001,138 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/12/15 19:23:41 | 000,000,355 | ---- | M] () -- C:\Users\Sou Xiong\Desktop\Computer.lnk
[2011/12/15 19:16:00 | 000,016,252 | ---- | M] () -- C:\Windows\SysNative\results.xml
[2011/12/15 19:11:18 | 000,274,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/15 19:08:39 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2011/12/15 17:44:23 | 000,001,437 | ---- | M] () -- C:\Users\Sou Xiong\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/12/15 17:26:40 | 000,000,868 | ---- | M] () -- C:\Users\Sou Xiong\Desktop\Downloads.lnk
[2011/12/15 17:13:13 | 000,108,227 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2011/12/15 17:13:13 | 000,108,227 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2011/12/15 17:11:35 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/12/15 17:09:50 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK

========== Files Created - No Company Name ==========

[2011/12/16 14:14:10 | 001,305,420 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0500000.07D\Cat.DB
[2011/12/16 14:14:01 | 000,007,440 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011/12/16 14:14:01 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2011/12/16 14:13:56 | 000,002,590 | ---- | C] () -- C:\Users\Public\Desktop\Norton Security Suite.lnk
[2011/12/16 14:13:47 | 000,007,492 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0500000.07D\iron.cat
[2011/12/16 14:13:47 | 000,007,462 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0500000.07D\srtspx64.cat
[2011/12/16 14:13:47 | 000,007,460 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0500000.07D\SymEFA64.cat
[2011/12/16 14:13:47 | 000,007,458 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0500000.07D\symnet64.cat
[2011/12/16 14:13:47 | 000,007,458 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0500000.07D\srtsp64.cat
[2011/12/16 14:13:47 | 000,007,454 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0500000.07D\SymDS64.cat
[2011/12/16 14:13:47 | 000,003,374 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0500000.07D\SymEFA.inf
[2011/12/16 14:13:47 | 000,002,792 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0500000.07D\SymDS.inf
[2011/12/16 14:13:47 | 000,001,446 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0500000.07D\SymNet.inf
[2011/12/16 14:13:47 | 000,001,438 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0500000.07D\srtsp64.inf
[2011/12/16 14:13:47 | 000,001,422 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0500000.07D\srtspx64.inf
[2011/12/16 14:13:47 | 000,000,772 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0500000.07D\Iron.inf
[2011/12/16 14:13:47 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0500000.07D\isolate.ini
[2011/12/16 13:25:56 | 000,017,408 | ---- | C] () -- C:\Users\Sou Xiong\AppData\Local\WebpageIcons.db
[2011/12/16 13:09:21 | 001,306,824 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011/12/16 13:08:07 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/12/16 13:07:51 | 000,512,992 | ---- | C] () -- C:\Users\Sou Xiong\Desktop\sdsetup_revwire207.exe
[2011/12/15 23:53:15 | 000,001,366 | ---- | C] () -- C:\Users\Sou Xiong\Desktop\Norton Installation Files.lnk
[2011/12/15 20:47:52 | 000,021,666 | ---- | C] () -- C:\Windows\SysNative\netathrx.inf
[2011/12/15 20:47:52 | 000,009,128 | ---- | C] () -- C:\Windows\SysNative\athrextx.cat
[2011/12/15 19:27:16 | 000,002,335 | ---- | C] () -- C:\Users\Sou Xiong\Desktop\Google Chrome.lnk
[2011/12/15 19:25:52 | 000,000,924 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3294813628-113654155-1447036474-1000UA.job
[2011/12/15 19:25:51 | 000,000,872 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3294813628-113654155-1447036474-1000Core.job
[2011/12/15 19:25:39 | 000,001,102 | ---- | C] () -- C:\Users\Sou Xiong\Desktop\Documents.lnk
[2011/12/15 19:24:31 | 000,001,150 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/12/15 19:24:31 | 000,001,138 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/12/15 19:23:41 | 000,000,355 | ---- | C] () -- C:\Users\Sou Xiong\Desktop\Computer.lnk
[2011/12/15 19:22:15 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/15 19:22:14 | 000,000,900 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/15 19:16:00 | 000,016,252 | ---- | C] () -- C:\Windows\SysNative\results.xml
[2011/12/15 19:08:39 | 000,000,129 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
[2011/12/15 19:06:28 | 001,991,936 | ---- | C] () -- C:\Windows\SysNative\iglhxa64.cpa
[2011/12/15 19:06:28 | 000,870,544 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011/12/15 19:06:28 | 000,870,544 | ---- | C] () -- C:\Windows\SysNative\igkrng575.bin
[2011/12/15 19:06:28 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2011/12/15 19:06:28 | 000,205,824 | ---- | C] () -- C:\Windows\SysNative\iglhsip64.dll
[2011/12/15 19:06:28 | 000,187,392 | ---- | C] () -- C:\Windows\SysNative\iglhcp64.dll
[2011/12/15 19:06:28 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2011/12/15 19:06:28 | 000,060,254 | ---- | C] () -- C:\Windows\SysNative\iglhxg64.vp
[2011/12/15 19:06:28 | 000,060,226 | ---- | C] () -- C:\Windows\SysNative\iglhxc64.vp
[2011/12/15 19:06:28 | 000,060,015 | ---- | C] () -- C:\Windows\SysNative\iglhxo64.vp
[2011/12/15 19:06:28 | 000,050,036 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2011/12/15 19:06:28 | 000,050,036 | ---- | C] () -- C:\Windows\SysNative\igfcg575m.bin
[2011/12/15 19:06:28 | 000,005,144 | ---- | C] () -- C:\Windows\SysNative\iglhxs64.vp
[2011/12/15 19:06:28 | 000,001,090 | ---- | C] () -- C:\Windows\SysNative\iglhxa64.vp
[2011/12/15 19:06:27 | 000,187,765 | ---- | C] () -- C:\Windows\SysNative\Gfxres.th-TH.resources
[2011/12/15 19:06:27 | 000,176,490 | ---- | C] () -- C:\Windows\SysNative\Gfxres.el-GR.resources
[2011/12/15 19:06:27 | 000,163,560 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ru-RU.resources
[2011/12/15 19:06:27 | 000,152,600 | ---- | C] () -- C:\Windows\SysNative\difx64.exe
[2011/12/15 19:06:27 | 000,138,088 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ar-SA.resources
[2011/12/15 19:06:27 | 000,134,602 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ja-JP.resources
[2011/12/15 19:06:27 | 000,131,904 | ---- | C] () -- C:\Windows\SysNative\Gfxres.he-IL.resources
[2011/12/15 19:06:27 | 000,127,896 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2011/12/15 19:06:27 | 000,127,896 | ---- | C] () -- C:\Windows\SysNative\igcompkrng575.bin
[2011/12/15 19:06:27 | 000,123,747 | ---- | C] () -- C:\Windows\SysNative\Gfxres.it-IT.resources
[2011/12/15 19:06:27 | 000,121,451 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ko-KR.resources
[2011/12/15 19:06:27 | 000,121,132 | ---- | C] () -- C:\Windows\SysNative\Gfxres.es-ES.resources
[2011/12/15 19:06:27 | 000,120,882 | ---- | C] () -- C:\Windows\SysNative\Gfxres.de-DE.resources
[2011/12/15 19:06:27 | 000,119,326 | ---- | C] () -- C:\Windows\SysNative\Gfxres.tr-TR.resources
[2011/12/15 19:06:27 | 000,118,949 | ---- | C] () -- C:\Windows\SysNative\Gfxres.fr-FR.resources
[2011/12/15 19:06:27 | 000,118,569 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pt-BR.resources
[2011/12/15 19:06:27 | 000,117,762 | ---- | C] () -- C:\Windows\SysNative\Gfxres.nl-NL.resources
[2011/12/15 19:06:27 | 000,117,737 | ---- | C] () -- C:\Windows\SysNative\Gfxres.hu-HU.resources
[2011/12/15 19:06:27 | 000,117,527 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sv-SE.resources
[2011/12/15 19:06:27 | 000,117,229 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pt-PT.resources
[2011/12/15 19:06:27 | 000,116,944 | ---- | C] () -- C:\Windows\SysNative\Gfxres.cs-CZ.resources
[2011/12/15 19:06:27 | 000,116,868 | ---- | C] () -- C:\Windows\SysNative\Gfxres.fi-FI.resources
[2011/12/15 19:06:27 | 000,116,629 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pl-PL.resources
[2011/12/15 19:06:27 | 000,116,230 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sk-SK.resources
[2011/12/15 19:06:27 | 000,113,040 | ---- | C] () -- C:\Windows\SysNative\Gfxres.nb-NO.resources
[2011/12/15 19:06:27 | 000,112,529 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sl-SI.resources
[2011/12/15 19:06:27 | 000,112,445 | ---- | C] () -- C:\Windows\SysNative\Gfxres.da-DK.resources
[2011/12/15 19:06:27 | 000,108,405 | ---- | C] () -- C:\Windows\SysNative\Gfxres.en-US.resources
[2011/12/15 19:06:27 | 000,102,229 | ---- | C] () -- C:\Windows\SysNative\Gfxres.zh-TW.resources
[2011/12/15 19:06:27 | 000,101,113 | ---- | C] () -- C:\Windows\SysNative\Gfxres.zh-CN.resources
[2011/12/15 19:06:27 | 000,000,151 | ---- | C] () -- C:\Windows\SysNative\GfxUI.exe.config
[2011/12/15 17:44:23 | 000,001,437 | ---- | C] () -- C:\Users\Sou Xiong\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/12/15 17:26:41 | 000,001,409 | ---- | C] () -- C:\Users\Sou Xiong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2011/12/15 17:26:38 | 000,001,443 | ---- | C] () -- C:\Users\Sou Xiong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/12/15 17:26:37 | 000,000,868 | ---- | C] () -- C:\Users\Sou Xiong\Desktop\Downloads.lnk
[2011/12/15 17:26:19 | 000,000,290 | ---- | C] () -- C:\Users\Sou Xiong\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/12/15 17:26:19 | 000,000,272 | ---- | C] () -- C:\Users\Sou Xiong\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/12/15 17:13:03 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011/12/15 17:13:01 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011/12/15 17:11:35 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/12/15 17:10:27 | 378,888,191 | -HS- | C] () -- C:\hiberfil.sys
[2011/12/15 17:09:50 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2011/12/15 17:09:48 | 000,383,786 | RHS- | C] () -- C:\bootmgr
[2011/12/15 17:09:32 | 000,000,028 | RH-- | C] () -- C:\Windows\version
[2009/07/13 21:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 18:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 18:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 16:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/12/16 12:42:23 | 000,000,000 | ---D | M] -- C:\Users\Sou Xiong\AppData\Roaming\Tific
[2009/07/13 21:08:49 | 000,004,910 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
  • 0
#2 RKinner (Malware Expert, MVP, 20,001 posts)

ComboFix

Important: it must be saved to your desktop; do not run it from your browser.

Important: disable your antivirus software when downloading or running ComboFix. If it has script-blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* Important: have no other programs running. Your Task Bar should be clear of any program entries, including your browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution: do not run ComboFix more than once. Do not touch your mouse or keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted it may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your drive light. If it is flashing, ComboFix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then right click and Run as Administrator

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.




Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator

Change the AV scan to None.
Uncheck "trace disk IO calls".
Click the "Scan" button to start the scan.
On completion of the scan, note whether the Fix button (not the FixMBR button) is enabled and tell me. Click Save log, save it to your desktop and post it in your next reply.


Malwarebytes' Anti-Malware
Important: if you have a previous version of Malwarebytes', remove it via Add or Remove Programs and download a fresh copy.

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.




Run OTL (Vista or Win 7 => right click and Run As Administrator)

Select the All option in the Extra Registry group, then click Run Scan.

You should get two logs. Please copy and paste both of them.

Do the following:
  • Click on the Start button and then choose Control Panel.
  • Click on the System and Security link.

    Note: If you're viewing the Large icons or Small icons view of Control Panel, you won't see this link so just click on the Administrative Tools icon and skip to Step 4.
  • In the System and Security window, click on the Administrative Tools heading located near the bottom of the window.
  • In the Administrative Tools window, double-click on the Computer Management icon.
  • When Computer Management opens, click on Disk Management on the left side of the window, located under Storage.

    After a brief loading period, Disk Management should now appear on the right side of the Computer Management window.

    Note: If you don't see Disk Management listed, you may need to click on the |> icon to the left of the Storage icon.
Take a screenshot of the Disk Management window and attach it to your reply. Make sure that the column with the partition size is visible.
http://graphicssoft....nscreenshot.htm Save the file as a .jpg or the forum won't allow it.

Ron
  • 0
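Norton's report in the opening post ("Master boot record infection: Drive 0x80") and the aswMBR and Disk Management steps above all come down to the same question: has the first sector of the disk been altered, and does the partition table it carries still describe the layout the installer created? The script below is an added example written for this page, not code from aswMBR, TDSSKiller or any other tool named in the thread. It parses a raw 512-byte MBR (on Linux you can dump one with `dd if=/dev/sdX of=mbr.bin bs=512 count=1`, or read it from a forensic image) and flags the things an MBR-rootkit hunt looks at: boot code that no longer matches a known-good hash, a missing 0x55AA signature, an active flag that has moved to a late partition, overlapping or out-of-range partitions, and a large unallocated tail at the end of the disk. The sample MBRs, the 750 GB disk size, the boot-code bytes and the "known good" hash are all constructed here for the demonstration; a real baseline hash has to come from a clean install of the same OS and vendor image. The "active partition is not the lowest one" and "unallocated tail" checks are heuristics, so treat their findings as leads to verify, not verdicts.

```python
"""Parse a raw MBR and flag the things an MBR-rootkit hunt looks at:
boot-code drift, partition-table oddities and unallocated space at the disk tail.
Added example for this thread; not code from aswMBR, TDSSKiller or ComboFix."""
import hashlib
import struct

SECTOR = 512
PART_TABLE_OFF = 446           # the four 16-byte partition entries start here
BOOT_SIG = b"\x55\xaa"         # every valid MBR ends with 0x55AA
TAIL_THRESHOLD = 2048          # > 1 MiB of unallocated tail is worth a look (heuristic)


def parse_mbr(mbr):
    """Split a 512-byte MBR into a boot-code hash, the used partition entries and the signature."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    parts = []
    for slot in range(4):
        # entry layout: status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) LBA-count(4)
        status, ptype, start, count = struct.unpack_from(
            "<B3xB3xII", mbr, PART_TABLE_OFF + 16 * slot)
        if ptype:                  # type 0x00 means the slot is unused
            parts.append({"slot": slot, "status": status, "type": ptype,
                          "start": start, "count": count})
    return {"code_sha256": hashlib.sha256(mbr[:PART_TABLE_OFF]).hexdigest(),
            "partitions": parts,
            "signature_ok": mbr[510:] == BOOT_SIG}


def audit_mbr(mbr, disk_sectors, known_good_code_sha256):
    """Return a list of finding codes; an empty list means nothing looked off."""
    info = parse_mbr(mbr)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing-boot-signature")
    if info["code_sha256"] != known_good_code_sha256:
        findings.append("boot-code-hash-mismatch")      # loader code changed: the classic bootkit sign
    parts = info["partitions"]
    active = [p for p in parts if p["status"] == 0x80]
    if any(p["status"] not in (0x00, 0x80) for p in parts):
        findings.append("invalid-status-byte")
    if len(active) > 1:
        findings.append("multiple-active-partitions")
    # Heuristic: on a stock Windows layout the active partition is the lowest one;
    # an active flag that moved to a late, small partition deserves a close look.
    if active and active[0]["start"] != min(p["start"] for p in parts):
        findings.append("active-not-lowest-partition")
    ordered = sorted(parts, key=lambda p: p["start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["start"] + a["count"] > b["start"]:
            findings.append("overlapping-partitions")
            break
    if any(p["start"] + p["count"] > disk_sectors for p in parts):
        findings.append("partition-beyond-disk")
    if ordered and disk_sectors - (ordered[-1]["start"] + ordered[-1]["count"]) > TAIL_THRESHOLD:
        findings.append("unallocated-tail")             # room for a hidden filesystem
    return findings


def build_mbr(code, entries):
    """Assemble a 512-byte MBR from boot code and (status, type, start, count) tuples."""
    table = b"".join(struct.pack("<B3xB3xII", *e) for e in entries).ljust(64, b"\x00")
    return code[:PART_TABLE_OFF].ljust(PART_TABLE_OFF, b"\x00") + table + BOOT_SIG


# Constructed samples (not taken from the machine in this thread).
DISK_SECTORS = 1465149168                                   # a 750 GB disk
CLEAN_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 20  # stand-in for stock loader code
CLEAN_MBR = build_mbr(CLEAN_CODE, [
    (0x80, 0x07, 2048, 204800),                             # 100 MB System Reserved, active
    (0x00, 0x07, 206848, 1465147392 - 206848),             # C: ends 1776 sectors before the end
])
KNOWN_GOOD = hashlib.sha256(CLEAN_MBR[:PART_TABLE_OFF]).hexdigest()

INFECTED_MBR = build_mbr(b"\xeb\x1e\x90" + b"\xcc" * 40, [  # patched loader code
    (0x00, 0x07, 2048, 204800),                             # active flag removed from System Reserved
    (0x00, 0x07, 206848, 1465147392 - 206848),
    (0x80, 0x07, 1465147392, 1776),                         # tiny active partition squeezed into the tail
])

if __name__ == "__main__":
    for name, mbr in (("clean", CLEAN_MBR), ("infected", INFECTED_MBR)):
        print(name, audit_mbr(mbr, DISK_SECTORS, KNOWN_GOOD) or "no findings")
```

The clean sample produces no findings; the infected one reports the changed boot code and the active flag that migrated to a partition at the tail of the disk, which is exactly the kind of thing a Disk Management screenshot with partition sizes visible is meant to surface. Hash comparison only works against a baseline captured from a trusted image, so keep a copy of the first sector of a freshly installed machine before it ever goes online.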

#3 yuri_yuri (Topic Starter, New Member, 8 posts)

Here are the logs:

ComboFix: (just a note: I did let ComboFix run through properly and I even waited until it created the log, but it still froze my desktop. I rebooted my computer and everything was fine; just a note, in case.)


ComboFix 11-12-17.02 - Sou Xiong 12/17/2011 13:29:05.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5943.4859 [GMT -8:00]
Running from: c:\users\Sou Xiong\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
D:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-11-17 to 2011-12-17 )))))))))))))))))))))))))))))))
.
.
2011-12-17 20:08 . 2011-12-17 20:08 -------- d-----w- c:\windows\SysWow64\Wat
2011-12-17 20:08 . 2011-12-17 20:08 -------- d-----w- c:\windows\system32\Wat
2011-12-16 23:12 . 2011-12-16 23:12 -------- d-----w- c:\programdata\Hewlett-Packard
2011-12-16 23:12 . 2009-07-14 01:41 230400 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpzppw71.dll
2011-12-16 21:07 . 2011-12-16 21:31 -------- d-----w- c:\programdata\PC Tools
2011-12-16 20:56 . 2011-12-16 20:56 -------- d-----w- C:\temp
2011-12-16 20:52 . 2011-12-16 20:56 -------- d-----w- c:\programdata\Trend Micro
2011-12-16 06:18 . 2011-12-16 06:18 -------- d-----w- c:\programdata\Malwarebytes
2011-12-16 06:18 . 2011-09-01 01:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-16 05:47 . 2011-12-17 21:26 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2011-12-16 05:09 . 2011-12-17 21:26 -------- dc----w- c:\windows\system32\DRVSTORE
2011-12-16 04:47 . 2011-12-16 04:47 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
2011-12-16 04:47 . 2011-12-16 04:47 -------- d-----w- c:\program files (x86)\DW
2011-12-16 04:47 . 2010-11-24 00:12 1579520 ----a-w- c:\windows\system32\drivers\athrx.sys
2011-12-16 04:47 . 2010-11-24 00:12 1579520 ----a-w- c:\windows\system32\athrx.sys
2011-12-16 04:47 . 2011-12-16 04:47 -------- d-----w- c:\programdata\Dell
2011-12-16 04:35 . 2011-12-17 21:27 -------- d-----w- c:\programdata\Norton
2011-12-16 04:11 . 2011-12-16 04:11 -------- d-----w- C:\Macromedia
2011-12-16 03:29 . 2011-12-16 03:29 -------- d-----w- c:\programdata\McAfee
2011-12-16 03:22 . 2011-12-16 03:22 -------- d-----w- c:\program files\Google
2011-12-16 03:22 . 2011-12-16 03:29 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-16 03:22 . 2011-12-16 03:22 -------- d-----w- c:\program files (x86)\Google
2011-12-16 03:22 . 2011-12-16 03:22 -------- d-----w- c:\windows\SysWow64\Macromed
2011-12-16 03:22 . 2011-12-16 03:22 -------- d-----w- c:\windows\system32\Macromed
2011-12-16 03:09 . 2011-11-30 10:21 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FC9797D1-0102-4EF7-89DC-0425195D146F}\mpengine.dll
2011-12-16 02:54 . 2011-07-16 05:41 362496 ----a-w- c:\windows\system32\wow64win.dll
2011-12-16 02:53 . 2011-06-23 05:43 5561216 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-16 02:53 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-12-16 02:53 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-12-16 02:53 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-12-16 02:53 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-12-16 02:53 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-12-16 02:53 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-12-16 02:53 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-16 02:53 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-16 02:49 . 2011-12-16 02:52 -------- d-----w- c:\programdata\iolo
2011-12-16 02:48 . 2011-12-16 02:48 -------- d-----w- c:\program files\Broadcom
2011-12-16 02:48 . 2011-12-16 02:48 -------- d-----w- c:\windows\Dell
2011-12-16 02:48 . 2011-12-16 22:07 -------- d-sh--w- c:\windows\Installer
2011-12-16 02:47 . 2011-12-16 02:47 -------- d-----w- C:\dell
2011-12-16 01:26 . 2011-12-16 01:26 -------- d-----w- c:\users\Sou Xiong
2011-12-16 01:26 . 2011-12-16 01:26 -------- d-----w- C:\Recovery
2011-12-16 01:10 . 2011-12-16 01:26 -------- d-----w- c:\windows\Panther
2011-12-16 01:09 . 2011-12-16 01:09 -------- d-----w- C:\Boot
2011-12-16 01:09 . 2011-12-16 01:14 -------- d-----w- c:\windows\system32\OEM
2011-12-16 01:09 . 2011-12-16 01:09 -------- d-----w- C:\Hotfix
2011-12-16 01:09 . 2011-12-16 01:09 -------- d-----w- C:\Drivers
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-15 22:29 . 2010-11-21 03:27 270720 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-16 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-16 136176]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-16 03:22]
.
2011-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-16 03:22]
.
2011-12-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3294813628-113654155-1447036474-1000Core.job
- c:\users\Sou Xiong\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-16 03:25]
.
2011-12-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3294813628-113654155-1447036474-1000UA.job
- c:\users\Sou Xiong\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-16 03:25]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-24 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-24 390680]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-24 410136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Sou Xiong\AppData\Roaming\Mozilla\Firefox\Profiles\mskxuwey.default\
FF - prefs.js: browser.startup.homepage - google.com
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-12-17 13:33:54 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-17 21:33
.
Pre-Run: 713,988,890,624 bytes free
Post-Run: 713,487,159,296 bytes free
.
- - End Of File - - 60959A24B20B83105DBFDFEFDD37B4B6




TDSSKiller:

13:48:44.0783 1964 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
13:48:45.0204 1964 ============================================================
13:48:45.0204 1964 Current date / time: 2011/12/17 13:48:45.0204
13:48:45.0204 1964 SystemInfo:
13:48:45.0204 1964
13:48:45.0204 1964 OS Version: 6.1.7601 ServicePack: 1.0
13:48:45.0204 1964 Product type: Workstation
13:48:45.0204 1964 ComputerName: SOUXIONG-PC
13:48:45.0204 1964 UserName: Sou Xiong
13:48:45.0204 1964 Windows directory: C:\Windows
13:48:45.0204 1964 System windows directory: C:\Windows
13:48:45.0204 1964 Running under WOW64
13:48:45.0204 1964 Processor architecture: Intel x64
13:48:45.0204 1964 Number of processors: 4
13:48:45.0204 1964 Page size: 0x1000
13:48:45.0204 1964 Boot type: Normal boot
13:48:45.0204 1964 ============================================================
13:48:47.0216 1964 Initialize success
13:48:59.0135 1872 ============================================================
13:48:59.0135 1872 Scan started
13:48:59.0135 1872 Mode: Manual;
13:48:59.0135 1872 ============================================================
13:49:00.0040 1872 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
13:49:00.0040 1872 1394ohci - ok
13:49:00.0071 1872 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
13:49:00.0071 1872 ACPI - ok
13:49:00.0086 1872 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
13:49:00.0086 1872 AcpiPmi - ok
13:49:00.0102 1872 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
13:49:00.0102 1872 adp94xx - ok
13:49:00.0118 1872 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
13:49:00.0118 1872 adpahci - ok
13:49:00.0133 1872 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
13:49:00.0133 1872 adpu320 - ok
13:49:00.0180 1872 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
13:49:00.0180 1872 AFD - ok
13:49:00.0196 1872 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
13:49:00.0196 1872 agp440 - ok
13:49:00.0211 1872 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
13:49:00.0211 1872 aliide - ok
13:49:00.0227 1872 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
13:49:00.0227 1872 amdide - ok
13:49:00.0242 1872 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
13:49:00.0242 1872 AmdK8 - ok
13:49:00.0258 1872 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
13:49:00.0258 1872 AmdPPM - ok
13:49:00.0258 1872 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
13:49:00.0274 1872 amdsata - ok
13:49:00.0274 1872 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
13:49:00.0274 1872 amdsbs - ok
13:49:00.0289 1872 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
13:49:00.0289 1872 amdxata - ok
13:49:00.0305 1872 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
13:49:00.0305 1872 AppID - ok
13:49:00.0352 1872 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
13:49:00.0352 1872 arc - ok
13:49:00.0367 1872 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
13:49:00.0367 1872 arcsas - ok
13:49:00.0383 1872 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
13:49:00.0383 1872 AsyncMac - ok
13:49:00.0398 1872 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
13:49:00.0398 1872 atapi - ok
13:49:00.0523 1872 athr (7d89b0c443f6068e5b27aa3b972069ff) C:\Windows\system32\DRIVERS\athrx.sys
13:49:00.0539 1872 athr - ok
13:49:00.0586 1872 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
13:49:00.0601 1872 b06bdrv - ok
13:49:00.0632 1872 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
13:49:00.0632 1872 b57nd60a - ok
13:49:00.0648 1872 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
13:49:00.0648 1872 Beep - ok
13:49:00.0679 1872 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
13:49:00.0679 1872 blbdrive - ok
13:49:00.0710 1872 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
13:49:00.0710 1872 bowser - ok
13:49:00.0710 1872 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
13:49:00.0726 1872 BrFiltLo - ok
13:49:00.0726 1872 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
13:49:00.0726 1872 BrFiltUp - ok
13:49:00.0757 1872 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
13:49:00.0757 1872 Brserid - ok
13:49:00.0773 1872 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
13:49:05.0172 1872 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
13:49:05.0188 1872 \Device\Harddisk0\DR0 - ok
13:49:05.0203 1872 Boot (0x1200) (b4912291b4d5407087770f1b66fd5042) \Device\Harddisk0\DR0\Partition0
13:49:05.0203 1872 \Device\Harddisk0\DR0\Partition0 - ok
13:49:05.0203 1872 Boot (0x1200) (9a7c63ca8894d5c9a668e0d2795a2736) \Device\Harddisk0\DR0\Partition1
13:49:05.0203 1872 \Device\Harddisk0\DR0\Partition1 - ok
13:49:05.0203 1872 ============================================================
13:49:05.0203 1872 Scan finished
13:49:05.0203 1872 ============================================================
13:49:05.0219 0204 Detected object count: 0
13:49:05.0219 0204 Actual detected object count: 0
13:49:36.0843 2012 Deinitialize success


aswMBR.exe:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-17 13:49:46
-----------------------------
13:49:46.150 OS Version: Windows x64 6.1.7601 Service Pack 1
13:49:46.150 Number of processors: 4 586 0x2505
13:49:46.150 ComputerName: SOUXIONG-PC UserName: Sou Xiong
13:49:48.287 Initialize success
13:51:49.352 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:51:49.352 Disk 0 Vendor: ST3750528AS CC46 Size: 715404MB BusType: 3
13:51:49.368 Disk 0 MBR read successfully
13:51:49.383 Disk 0 MBR scan
13:51:49.383 Disk 0 Windows 7 default MBR code
13:51:49.383 Service scanning
13:51:50.382 Modules scanning
13:51:50.382 Scan finished successfully
13:52:42.064 Disk 0 MBR has been saved successfully to "C:\Users\Sou Xiong\Desktop\MBR.dat"
13:52:42.064 The log file has been saved successfully to "C:\Users\Sou Xiong\Desktop\aswMBR.txt"


Malwarebytes' Anti-Malware:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8388

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

12/17/2011 1:55:01 PM
mbam-log-2011-12-17 (13-55-01).txt

Scan type: Quick scan
Objects scanned: 168669
Time elapsed: 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


OTL:

OTL logfile created on: 12/17/2011 2:05:09 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Sou Xiong\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.80 Gb Total Physical Memory | 4.68 Gb Available Physical Memory | 80.68% Memory free
11.61 Gb Paging File | 10.42 Gb Available in Paging File | 89.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 688.72 Gb Total Space | 664.55 Gb Free Space | 96.49% Space Free | Partition Type: NTFS
Drive D: | 9.88 Gb Total Space | 4.09 Gb Free Space | 41.44% Space Free | Partition Type: NTFS

Computer Name: SOUXIONG-PC | User Name: Sou Xiong | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/17 14:03:38 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sou Xiong\Desktop\OTL.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/07 03:16:28 | 000,411,192 | ---- | M] () -- C:\Users\Sou Xiong\AppData\Local\Google\Chrome\Application\16.0.912.63\ppgooglenaclpluginchrome.dll
MOD - [2011/12/07 03:16:27 | 003,767,864 | ---- | M] () -- C:\Users\Sou Xiong\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
MOD - [2011/12/07 03:14:56 | 000,122,952 | ---- | M] () -- C:\Users\Sou Xiong\AppData\Local\Google\Chrome\Application\16.0.912.63\avutil-51.dll
MOD - [2011/12/07 03:14:55 | 000,222,280 | ---- | M] () -- C:\Users\Sou Xiong\AppData\Local\Google\Chrome\Application\16.0.912.63\avformat-53.dll
MOD - [2011/12/07 03:14:53 | 001,746,504 | ---- | M] () -- C:\Users\Sou Xiong\AppData\Local\Google\Chrome\Application\16.0.912.63\avcodec-53.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/11/23 16:12:00 | 001,579,520 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/11/20 19:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 19:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 19:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 19:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/20 19:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/09/30 11:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/09/30 11:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/11/21 16:31:18 | 007,778,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/10/30 06:56:34 | 000,244,736 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2009/10/16 02:32:24 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.com"

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sou Xiong\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sou Xiong\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/15 19:24:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/12/15 19:24:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sou Xiong\AppData\Roaming\Mozilla\Extensions
[2011/12/15 19:24:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/20 20:04:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/11/20 17:04:05 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/20 17:04:05 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Sou Xiong\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Sou Xiong\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sou Xiong\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Sou Xiong\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: Google Search = C:\Users\Sou Xiong\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Gmail = C:\Users\Sou Xiong\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\

O1 HOSTS File: ([2011/12/17 13:32:00 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg64.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15862262-28BD-456E-B214-47478D9C9B33}: DhcpNameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/17 14:03:36 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Sou Xiong\Desktop\OTL.exe
[2011/12/17 13:53:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/17 13:53:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/12/17 13:44:35 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Sou Xiong\Desktop\aswMBR.exe
[2011/12/17 13:44:29 | 001,577,264 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Sou Xiong\Desktop\tdsskiller.exe
[2011/12/17 13:33:56 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/12/17 13:32:01 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/12/17 13:28:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/17 13:28:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/17 13:28:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/17 13:28:26 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/17 13:19:52 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/17 13:05:44 | 004,341,982 | R--- | C] (Swearware) -- C:\Users\Sou Xiong\Desktop\ComboFix.exe
[2011/12/17 12:08:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2011/12/17 12:08:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2011/12/16 15:12:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2011/12/16 14:06:16 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/12/16 13:26:41 | 000,000,000 | ---D | C] -- C:\Users\Sou Xiong\AppData\Local\CrashDumps
[2011/12/16 13:09:04 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/12/16 13:07:51 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/12/16 12:56:02 | 000,000,000 | ---D | C] -- C:\temp
[2011/12/16 12:52:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Trend Micro
[2011/12/16 12:42:23 | 000,000,000 | ---D | C] -- C:\Users\Sou Xiong\AppData\Roaming\Tific
[2011/12/15 22:18:55 | 000,000,000 | ---D | C] -- C:\Users\Sou Xiong\AppData\Roaming\Malwarebytes
[2011/12/15 22:18:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/15 22:18:48 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/12/15 22:18:15 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Sou Xiong\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/15 21:47:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2011/12/15 21:14:00 | 000,000,000 | ---D | C] -- C:\Users\Sou Xiong\AppData\Local\NPE
[2011/12/15 21:09:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2011/12/15 21:08:56 | 000,000,000 | ---D | C] -- C:\Users\Sou Xiong\Documents\Symantec
[2011/12/15 21:08:56 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011/12/15 20:47:52 | 001,579,520 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athrx.sys
[2011/12/15 20:47:52 | 001,579,520 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\athrx.sys
[2011/12/15 20:47:52 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2011/12/15 20:47:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DW
[2011/12/15 20:47:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Dell
[2011/12/15 20:47:32 | 000,000,000 | ---D | C] -- C:\Users\Sou Xiong\AppData\Roaming\InstallShield
[2011/12/15 20:45:41 | 000,000,000 | ---D | C] -- C:\Users\Sou Xiong\Desktop\Music
[2011/12/15 20:35:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/12/15 20:11:59 | 000,000,000 | ---D | C] -- C:\Macromedia
[2011/12/15 19:29:26 | 000,000,000 | ---D | C] -- C:\Users\Sou Xiong\AppData\Roaming\Google
[2011/12/15 19:29:17 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2011/12/15 19:27:15 | 000,000,000 | ---D | C] -- C:\Users\Sou Xiong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/12/15 19:24:34 | 000,000,000 | ---D | C] -- C:\Users\Sou Xiong\AppData\Roaming\Mozilla
[2011/12/15 19:24:34 | 000,000,000 | ---D | C] -- C:\Users\Sou Xiong\AppData\Local\Mozilla
[2011/12/15 19:24:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011/12/15 19:22:22 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/12/15 19:22:12 | 000,000,000 | ---D | C] -- C:\Users\Sou Xiong\AppData\Local\Google
[2011/12/15 19:22:09 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/12/15 19:22:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2011/12/15 19:22:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2011/12/15 19:22:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2011/12/15 19:22:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011/12/15 19:06:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2011/12/15 19:06:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2011/12/15 19:06:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2011/12/15 19:06:30 | 000,000,000 | ---D | C] -- C:\Intel
[2011/12/15 19:06:28 | 009,014,784 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxress.dll
[2011/12/15 19:06:28 | 005,957,632 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igdumd64.dll
[2011/12/15 19:06:28 | 000,550,912 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igdumdx32.dll
[2011/12/15 19:06:28 | 000,509,976 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxsrvc.exe
[2011/12/15 19:06:28 | 000,410,136 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxpers.exe
[2011/12/15 19:06:28 | 000,377,856 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxTMM.dll
[2011/12/15 19:06:28 | 000,286,720 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrfra.lrc
[2011/12/15 19:06:28 | 000,286,720 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxresn.lrc
[2011/12/15 19:06:28 | 000,286,720 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrell.lrc
[2011/12/15 19:06:28 | 000,286,208 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrsky.lrc
[2011/12/15 19:06:28 | 000,286,208 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrrus.lrc
[2011/12/15 19:06:28 | 000,286,208 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrptg.lrc
[2011/12/15 19:06:28 | 000,286,208 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrplk.lrc
[2011/12/15 19:06:28 | 000,286,208 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrita.lrc
[2011/12/15 19:06:28 | 000,286,208 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrdeu.lrc
[2011/12/15 19:06:28 | 000,285,696 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrtrk.lrc
[2011/12/15 19:06:28 | 000,285,696 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrsve.lrc
[2011/12/15 19:06:28 | 000,285,696 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrslv.lrc
[2011/12/15 19:06:28 | 000,285,696 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrptb.lrc
[2011/12/15 19:06:28 | 000,285,696 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrnor.lrc
[2011/12/15 19:06:28 | 000,285,696 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrnld.lrc
[2011/12/15 19:06:28 | 000,285,696 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrhun.lrc
[2011/12/15 19:06:28 | 000,285,696 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrfin.lrc
[2011/12/15 19:06:28 | 000,285,696 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrcsy.lrc
[2011/12/15 19:06:28 | 000,285,184 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrtha.lrc
[2011/12/15 19:06:28 | 000,285,184 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrenu.lrc
[2011/12/15 19:06:28 | 000,285,184 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrdan.lrc
[2011/12/15 19:06:28 | 000,284,672 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrheb.lrc
[2011/12/15 19:06:28 | 000,284,672 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrara.lrc
[2011/12/15 19:06:28 | 000,282,624 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrkor.lrc
[2011/12/15 19:06:28 | 000,282,624 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrjpn.lrc
[2011/12/15 19:06:28 | 000,281,600 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrcht.lrc
[2011/12/15 19:06:28 | 000,281,600 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrchs.lrc
[2011/12/15 19:06:28 | 000,268,800 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxdev.dll
[2011/12/15 19:06:28 | 000,248,320 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxpph.dll
[2011/12/15 19:06:28 | 000,244,736 | ---- | C] (Intel® Corporation) -- C:\Windows\SysNative\drivers\IntcDAud.sys
[2011/12/15 19:06:28 | 000,226,304 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igfxdv32.dll
[2011/12/15 19:06:28 | 000,222,744 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxext.exe
[2011/12/15 19:06:28 | 000,166,424 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxtray.exe
[2011/12/15 19:06:28 | 000,142,336 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxdo.dll
[2011/12/15 19:06:28 | 000,126,976 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxcpl.cpl
[2011/12/15 19:06:28 | 000,091,136 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxCoIn_v2008.dll
[2011/12/15 19:06:28 | 000,061,440 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxsrvc.dll
[2011/12/15 19:06:28 | 000,059,392 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\oemdspif.dll
[2011/12/15 19:06:28 | 000,027,648 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxexps.dll
[2011/12/15 19:06:28 | 000,014,848 | ---- | C] (Intel® Corporation) -- C:\Windows\SysNative\IntcDAuC.dll
[2011/12/15 19:06:28 | 000,004,096 | ---- | C] ( ) -- C:\Windows\SysNative\IGFXDEVLib.dll
[2011/12/15 19:06:27 | 008,129,024 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\ig4icd64.dll
[2011/12/15 19:06:27 | 007,778,176 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\igdkmd64.sys
[2011/12/15 19:06:27 | 006,060,032 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\ig4icd32.dll
[2011/12/15 19:06:27 | 005,507,584 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\ig4dev64.dll
[2011/12/15 19:06:27 | 004,490,752 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igdumd32.dll
[2011/12/15 19:06:27 | 004,088,320 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igd10umd64.dll
[2011/12/15 19:06:27 | 004,069,888 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\ig4dev32.dll
[2011/12/15 19:06:27 | 003,888,640 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igd10umd32.dll
[2011/12/15 19:06:27 | 003,126,296 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\GfxUI.exe
[2011/12/15 19:06:27 | 000,390,680 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\hkcmd.exe
[2011/12/15 19:06:27 | 000,119,296 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\gfxSrvc.dll
[2011/12/15 19:06:27 | 000,108,544 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\hccutils.dll
[2011/12/15 18:55:16 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/12/15 18:55:16 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/12/15 18:55:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/12/15 18:55:16 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/12/15 18:55:16 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/12/15 18:55:16 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/12/15 18:55:16 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/12/15 18:54:42 | 001,162,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2011/12/15 18:54:42 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2011/12/15 18:54:42 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2011/12/15 18:54:42 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2011/12/15 18:54:42 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2011/12/15 18:54:42 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011/12/15 18:54:42 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2011/12/15 18:54:42 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2011/12/15 18:54:42 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2011/12/15 18:54:42 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2011/12/15 18:54:42 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2011/12/15 18:54:42 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2011/12/15 18:54:42 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2011/12/15 18:54:42 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2011/12/15 18:54:42 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2011/12/15 18:54:42 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2011/12/15 18:54:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2011/12/15 18:54:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2011/12/15 18:54:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2011/12/15 18:54:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2011/12/15 18:54:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/12/15 18:54:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/12/15 18:54:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2011/12/15 18:54:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2011/12/15 18:54:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2011/12/15 18:54:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2011/12/15 18:54:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2011/12/15 18:54:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2011/12/15 18:54:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2011/12/15 18:54:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2011/12/15 18:54:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/12/15 18:54:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/12/15 18:54:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/12/15 18:54:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/12/15 18:54:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/12/15 18:54:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2011/12/15 18:54:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2011/12/15 18:54:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2011/12/15 18:54:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/12/15 18:54:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/12/15 18:54:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2011/12/15 18:54:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2011/12/15 18:54:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2011/12/15 18:54:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2011/12/15 18:54:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2011/12/15 18:54:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2011/12/15 18:54:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2011/12/15 18:54:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2011/12/15 18:54:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/12/15 18:54:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2011/12/15 18:54:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2011/12/15 18:54:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2011/12/15 18:54:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2011/12/15 18:54:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2011/12/15 18:54:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2011/12/15 18:54:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2011/12/15 18:54:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2011/12/15 18:54:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2011/12/15 18:54:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/12/15 18:54:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/12/15 18:54:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2011/12/15 18:54:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2011/12/15 18:54:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2011/12/15 18:54:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2011/12/15 18:54:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2011/12/15 18:54:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2011/12/15 18:54:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2011/12/15 18:54:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2011/12/15 18:54:42 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2011/12/15 18:54:39 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2011/12/15 18:54:39 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe
[2011/12/15 18:54:39 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2011/12/15 18:54:38 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2011/12/15 18:54:38 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2011/12/15 18:54:38 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2011/12/15 18:54:38 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2011/12/15 18:54:38 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2011/12/15 18:54:38 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2011/12/15 18:54:38 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2011/12/15 18:54:38 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2011/12/15 18:54:38 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2011/12/15 18:54:33 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll
[2011/12/15 18:54:33 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2011/12/15 18:54:33 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll
[2011/12/15 18:54:33 | 000,642,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2011/12/15 18:54:33 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2011/12/15 18:54:33 | 000,605,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2011/12/15 18:54:33 | 000,566,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2011/12/15 18:54:33 | 000,518,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2011/12/15 18:54:33 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2011/12/15 18:54:33 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2011/12/15 18:54:33 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll
[2011/12/15 18:54:33 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll
[2011/12/15 18:54:33 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll
[2011/12/15 18:54:31 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2011/12/15 18:54:31 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2011/12/15 18:54:29 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2011/12/15 18:54:29 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2011/12/15 18:54:29 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2011/12/15 18:54:29 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2011/12/15 18:54:27 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2011/12/15 18:54:27 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011/12/15 18:54:27 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2011/12/15 18:54:27 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2011/12/15 18:54:27 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2011/12/15 18:54:27 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011/12/15 18:54:26 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2011/12/15 18:54:26 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2011/12/15 18:54:26 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2011/12/15 18:54:26 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2011/12/15 18:54:25 | 000,919,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/12/15 18:54:25 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/12/15 18:54:25 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011/12/15 18:54:25 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2011/12/15 18:54:25 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll
[2011/12/15 18:54:24 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011/12/15 18:54:23 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe
[2011/12/15 18:53:47 | 005,561,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011/12/15 18:53:47 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011/12/15 18:53:47 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011/12/15 18:53:46 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011/12/15 18:53:46 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2011/12/15 18:53:22 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011/12/15 18:53:22 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011/12/15 18:49:41 | 000,000,000 | ---D | C] -- C:\Users\Sou Xiong\AppData\Roaming\Macromedia
[2011/12/15 18:49:41 | 000,000,000 | ---D | C] -- C:\Users\Sou Xiong\AppData\Roaming\Adobe
[2011/12/15 18:49:18 | 000,000,000 | ---D | C] -- C:\ProgramData\iolo
[2011/12/15 18:48:57 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom
[2011/12/15 18:48:36 | 000,000,000 | ---D | C] -- C:\Windows\Dell
[2011/12/15 18:48:21 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2011/12/15 18:48:17 | 000,000,000 | ---D | C] -- C:\Users\Sou Xiong\AppData\Local\Downloaded Installations
[2011/12/15 18:47:57 | 000,000,000 | ---D | C] -- C:\dell
[2011/12/15 18:12:11 | 000,000,000 | ---D | C] -- C:\Users\Sou Xiong\AppData\Local\Diagnostics
[2011/12/15 17:26:37 | 000,000,000 | R--D | C] -- C:\Users\Sou Xiong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/12/15 17:26:37 | 000,000,000 | R--D | C] -- C:\Users\Sou Xiong\Searches
[2011/12/15 17:26:37 | 000,000,000 | R--D | C] -- C:\Users\Sou Xiong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/12/15 17:26:37 | 000,000,000 | -H-D | C] -- C:\Users\Sou Xiong\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/12/15 17:26:29 | 000,000,000 | ---D | C] -- C:\Users\Sou Xiong\AppData\Roaming\Identities
[2011/12/15 17:26:28 | 000,000,000 | R--D | C] -- C:\Users\Sou Xiong\Contacts
[2011/12/15 17:26:26 | 000,000,000 | ---D | C] -- C:\Users\Sou Xiong\AppData\Local\VirtualStore
[2011/12/15 17:26:20 | 000,000,000 | -HSD | C] -- C:\Users\Sou Xiong\AppData\Local\Temporary Internet Files
[2011/12/15 17:26:20 | 000,000,000 | -HSD | C] -- C:\Users\Sou Xiong\Templates
[2011/12/15 17:26:20 | 000,000,000 | -HSD | C] -- C:\Users\Sou Xiong\Start Menu
[2011/12/15 17:26:20 | 000,000,000 | -HSD | C] -- C:\Users\Sou Xiong\SendTo
[2011/12/15 17:26:20 | 000,000,000 | -HSD | C] -- C:\Users\Sou Xiong\Recent
[2011/12/15 17:26:20 | 000,000,000 | -HSD | C] -- C:\Users\Sou Xiong\PrintHood
[2011/12/15 17:26:20 | 000,000,000 | -HSD | C] -- C:\Users\Sou Xiong\NetHood
[2011/12/15 17:26:20 | 000,000,000 | -HSD | C] -- C:\Users\Sou Xiong\Documents\My Videos
[2011/12/15 17:26:20 | 000,000,000 | -HSD | C] -- C:\Users\Sou Xiong\Documents\My Pictures
[2011/12/15 17:26:20 | 000,000,000 | -HSD | C] -- C:\Users\Sou Xiong\Documents\My Music
[2011/12/15 17:26:20 | 000,000,000 | -HSD | C] -- C:\Users\Sou Xiong\My Documents
[2011/12/15 17:26:20 | 000,000,000 | -HSD | C] -- C:\Users\Sou Xiong\Local Settings
[2011/12/15 17:26:20 | 000,000,000 | -HSD | C] -- C:\Users\Sou Xiong\AppData\Local\History
[2011/12/15 17:26:20 | 000,000,000 | -HSD | C] -- C:\Users\Sou Xiong\Cookies
[2011/12/15 17:26:20 | 000,000,000 | -HSD | C] -- C:\Users\Sou Xiong\Application Data
[2011/12/15 17:26:20 | 000,000,000 | -HSD | C] -- C:\Users\Sou Xiong\AppData\Local\Application Data
[2011/12/15 17:26:19 | 000,000,000 | --SD | C] -- C:\Users\Sou Xiong\AppData\Roaming\Microsoft
[2011/12/15 17:26:19 | 000,000,000 | R--D | C] -- C:\Users\Sou Xiong\Videos
[2011/12/15 17:26:19 | 000,000,000 | R--D | C] -- C:\Users\Sou Xiong\Saved Games
[2011/12/15 17:26:19 | 000,000,000 | R--D | C] -- C:\Users\Sou Xiong\Pictures
[2011/12/15 17:26:19 | 000,000,000 | R--D | C] -- C:\Users\Sou Xiong\Music
[2011/12/15 17:26:19 | 000,000,000 | R--D | C] -- C:\Users\Sou Xiong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/12/15 17:26:19 | 000,000,000 | R--D | C] -- C:\Users\Sou Xiong\Links
[2011/12/15 17:26:19 | 000,000,000 | R--D | C] -- C:\Users\Sou Xiong\Favorites
[2011/12/15 17:26:19 | 000,000,000 | R--D | C] -- C:\Users\Sou Xiong\Downloads
[2011/12/15 17:26:19 | 000,000,000 | R--D | C] -- C:\Users\Sou Xiong\Documents
[2011/12/15 17:26:19 | 000,000,000 | R--D | C] -- C:\Users\Sou Xiong\Desktop
[2011/12/15 17:26:19 | 000,000,000 | R--D | C] -- C:\Users\Sou Xiong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/12/15 17:26:19 | 000,000,000 | -H-D | C] -- C:\Users\Sou Xiong\AppData
[2011/12/15 17:26:19 | 000,000,000 | ---D | C] -- C:\Users\Sou Xiong\AppData\Local\Temp
[2011/12/15 17:26:19 | 000,000,000 | ---D | C] -- C:\Users\Sou Xiong\AppData\Local\Microsoft
[2011/12/15 17:26:19 | 000,000,000 | ---D | C] -- C:\Users\Sou Xiong\AppData\Roaming\Media Center Programs
[2011/12/15 17:26:15 | 000,000,000 | ---D | C] -- C:\Recovery
[2011/12/15 17:26:12 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011/12/15 17:10:57 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2011/12/15 17:10:27 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011/12/15 17:10:02 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2011/12/15 17:09:48 | 000,000,000 | ---D | C] -- C:\Boot
[2011/12/15 17:09:31 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\OEM
[2011/12/15 17:09:31 | 000,000,000 | ---D | C] -- C:\Hotfix
[2011/12/15 17:09:31 | 000,000,000 | ---D | C] -- C:\Drivers

========== Files - Modified Within 30 Days ==========

[2011/12/17 14:03:38 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sou Xiong\Desktop\OTL.exe
[2011/12/17 14:02:23 | 000,219,343 | ---- | M] () -- C:\Users\Sou Xiong\Desktop\Untitled.jpg
[2011/12/17 13:53:42 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/17 13:52:42 | 000,000,512 | ---- | M] () -- C:\Users\Sou Xiong\Desktop\MBR.dat
[2011/12/17 13:47:15 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/17 13:47:15 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/17 13:44:40 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Sou Xiong\Desktop\aswMBR.exe
[2011/12/17 13:44:36 | 000,745,136 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/17 13:44:36 | 000,638,330 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/17 13:44:36 | 000,110,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/17 13:44:34 | 001,577,264 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Sou Xiong\Desktop\tdsskiller.exe
[2011/12/17 13:40:19 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/17 13:40:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/17 13:40:03 | 378,888,191 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/17 13:32:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/17 13:32:00 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/12/17 13:30:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3294813628-113654155-1447036474-1000UA.job
[2011/12/17 13:05:40 | 004,341,982 | R--- | M] (Swearware) -- C:\Users\Sou Xiong\Desktop\ComboFix.exe
[2011/12/16 19:30:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3294813628-113654155-1447036474-1000Core.job
[2011/12/16 14:13:30 | 000,001,366 | ---- | M] () -- C:\Users\Sou Xiong\Desktop\Norton Installation Files.lnk
[2011/12/16 13:25:59 | 000,017,408 | ---- | M] () -- C:\Users\Sou Xiong\AppData\Local\WebpageIcons.db
[2011/12/16 13:24:14 | 001,306,824 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011/12/16 13:07:46 | 000,512,992 | ---- | M] () -- C:\Users\Sou Xiong\Desktop\sdsetup_revwire207.exe
[2011/12/15 22:18:31 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Sou Xiong\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/15 19:29:23 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/12/15 19:27:16 | 000,002,335 | ---- | M] () -- C:\Users\Sou Xiong\Desktop\Google Chrome.lnk
[2011/12/15 19:25:39 | 000,001,102 | ---- | M] () -- C:\Users\Sou Xiong\Desktop\Documents.lnk
[2011/12/15 19:24:31 | 000,001,138 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/12/15 19:23:41 | 000,000,355 | ---- | M] () -- C:\Users\Sou Xiong\Desktop\Computer.lnk
[2011/12/15 19:16:00 | 000,016,252 | ---- | M] () -- C:\Windows\SysNative\results.xml
[2011/12/15 19:11:18 | 000,274,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/15 19:08:39 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2011/12/15 17:44:23 | 000,001,437 | ---- | M] () -- C:\Users\Sou Xiong\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/12/15 17:26:40 | 000,000,868 | ---- | M] () -- C:\Users\Sou Xiong\Desktop\Downloads.lnk
[2011/12/15 17:13:13 | 000,108,227 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2011/12/15 17:13:13 | 000,108,227 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2011/12/15 17:11:35 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/12/15 17:09:50 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK

========== Files Created - No Company Name ==========

[2011/12/17 14:02:23 | 000,219,343 | ---- | C] () -- C:\Users\Sou Xiong\Desktop\Untitled.jpg
[2011/12/17 13:53:42 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/17 13:52:42 | 000,000,512 | ---- | C] () -- C:\Users\Sou Xiong\Desktop\MBR.dat
[2011/12/17 13:28:29 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/17 13:28:29 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/17 13:28:29 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/17 13:28:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/17 13:28:29 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/16 13:25:56 | 000,017,408 | ---- | C] () -- C:\Users\Sou Xiong\AppData\Local\WebpageIcons.db
[2011/12/16 13:09:21 | 001,306,824 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011/12/16 13:07:51 | 000,512,992 | ---- | C] () -- C:\Users\Sou Xiong\Desktop\sdsetup_revwire207.exe
[2011/12/15 23:53:15 | 000,001,366 | ---- | C] () -- C:\Users\Sou Xiong\Desktop\Norton Installation Files.lnk
[2011/12/15 20:47:52 | 000,021,666 | ---- | C] () -- C:\Windows\SysNative\netathrx.inf
[2011/12/15 20:47:52 | 000,009,128 | ---- | C] () -- C:\Windows\SysNative\athrextx.cat
[2011/12/15 19:27:16 | 000,002,335 | ---- | C] () -- C:\Users\Sou Xiong\Desktop\Google Chrome.lnk
[2011/12/15 19:25:52 | 000,000,924 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3294813628-113654155-1447036474-1000UA.job
[2011/12/15 19:25:51 | 000,000,872 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3294813628-113654155-1447036474-1000Core.job
[2011/12/15 19:25:39 | 000,001,102 | ---- | C] () -- C:\Users\Sou Xiong\Desktop\Documents.lnk
[2011/12/15 19:24:31 | 000,001,150 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/12/15 19:24:31 | 000,001,138 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/12/15 19:23:41 | 000,000,355 | ---- | C] () -- C:\Users\Sou Xiong\Desktop\Computer.lnk
[2011/12/15 19:22:15 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/15 19:22:14 | 000,000,900 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/15 19:16:00 | 000,016,252 | ---- | C] () -- C:\Windows\SysNative\results.xml
[2011/12/15 19:08:39 | 000,000,129 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
[2011/12/15 19:06:28 | 001,991,936 | ---- | C] () -- C:\Windows\SysNative\iglhxa64.cpa
[2011/12/15 19:06:28 | 000,870,544 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011/12/15 19:06:28 | 000,870,544 | ---- | C] () -- C:\Windows\SysNative\igkrng575.bin
[2011/12/15 19:06:28 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2011/12/15 19:06:28 | 000,205,824 | ---- | C] () -- C:\Windows\SysNative\iglhsip64.dll
[2011/12/15 19:06:28 | 000,187,392 | ---- | C] () -- C:\Windows\SysNative\iglhcp64.dll
[2011/12/15 19:06:28 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2011/12/15 19:06:28 | 000,060,254 | ---- | C] () -- C:\Windows\SysNative\iglhxg64.vp
[2011/12/15 19:06:28 | 000,060,226 | ---- | C] () -- C:\Windows\SysNative\iglhxc64.vp
[2011/12/15 19:06:28 | 000,060,015 | ---- | C] () -- C:\Windows\SysNative\iglhxo64.vp
[2011/12/15 19:06:28 | 000,050,036 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2011/12/15 19:06:28 | 000,050,036 | ---- | C] () -- C:\Windows\SysNative\igfcg575m.bin
[2011/12/15 19:06:28 | 000,005,144 | ---- | C] () -- C:\Windows\SysNative\iglhxs64.vp
[2011/12/15 19:06:28 | 000,001,090 | ---- | C] () -- C:\Windows\SysNative\iglhxa64.vp
[2011/12/15 19:06:27 | 000,187,765 | ---- | C] () -- C:\Windows\SysNative\Gfxres.th-TH.resources
[2011/12/15 19:06:27 | 000,176,490 | ---- | C] () -- C:\Windows\SysNative\Gfxres.el-GR.resources
[2011/12/15 19:06:27 | 000,163,560 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ru-RU.resources
[2011/12/15 19:06:27 | 000,152,600 | ---- | C] () -- C:\Windows\SysNative\difx64.exe
[2011/12/15 19:06:27 | 000,138,088 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ar-SA.resources
[2011/12/15 19:06:27 | 000,134,602 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ja-JP.resources
[2011/12/15 19:06:27 | 000,131,904 | ---- | C] () -- C:\Windows\SysNative\Gfxres.he-IL.resources
[2011/12/15 19:06:27 | 000,127,896 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2011/12/15 19:06:27 | 000,127,896 | ---- | C] () -- C:\Windows\SysNative\igcompkrng575.bin
[2011/12/15 19:06:27 | 000,123,747 | ---- | C] () -- C:\Windows\SysNative\Gfxres.it-IT.resources
[2011/12/15 19:06:27 | 000,121,451 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ko-KR.resources
[2011/12/15 19:06:27 | 000,121,132 | ---- | C] () -- C:\Windows\SysNative\Gfxres.es-ES.resources
[2011/12/15 19:06:27 | 000,120,882 | ---- | C] () -- C:\Windows\SysNative\Gfxres.de-DE.resources
[2011/12/15 19:06:27 | 000,119,326 | ---- | C] () -- C:\Windows\SysNative\Gfxres.tr-TR.resources
[2011/12/15 19:06:27 | 000,118,949 | ---- | C] () -- C:\Windows\SysNative\Gfxres.fr-FR.resources
[2011/12/15 19:06:27 | 000,118,569 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pt-BR.resources
[2011/12/15 19:06:27 | 000,117,762 | ---- | C] () -- C:\Windows\SysNative\Gfxres.nl-NL.resources
[2011/12/15 19:06:27 | 000,117,737 | ---- | C] () -- C:\Windows\SysNative\Gfxres.hu-HU.resources
[2011/12/15 19:06:27 | 000,117,527 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sv-SE.resources
[2011/12/15 19:06:27 | 000,117,229 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pt-PT.resources
[2011/12/15 19:06:27 | 000,116,944 | ---- | C] () -- C:\Windows\SysNative\Gfxres.cs-CZ.resources
[2011/12/15 19:06:27 | 000,116,868 | ---- | C] () -- C:\Windows\SysNative\Gfxres.fi-FI.resources
[2011/12/15 19:06:27 | 000,116,629 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pl-PL.resources
[2011/12/15 19:06:27 | 000,116,230 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sk-SK.resources
[2011/12/15 19:06:27 | 000,113,040 | ---- | C] () -- C:\Windows\SysNative\Gfxres.nb-NO.resources
[2011/12/15 19:06:27 | 000,112,529 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sl-SI.resources
[2011/12/15 19:06:27 | 000,112,445 | ---- | C] () -- C:\Windows\SysNative\Gfxres.da-DK.resources
[2011/12/15 19:06:27 | 000,108,405 | ---- | C] () -- C:\Windows\SysNative\Gfxres.en-US.resources
[2011/12/15 19:06:27 | 000,102,229 | ---- | C] () -- C:\Windows\SysNative\Gfxres.zh-TW.resources
[2011/12/15 19:06:27 | 000,101,113 | ---- | C] () -- C:\Windows\SysNative\Gfxres.zh-CN.resources
[2011/12/15 19:06:27 | 000,000,151 | ---- | C] () -- C:\Windows\SysNative\GfxUI.exe.config
[2011/12/15 17:44:23 | 000,001,437 | ---- | C] () -- C:\Users\Sou Xiong\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/12/15 17:26:41 | 000,001,409 | ---- | C] () -- C:\Users\Sou Xiong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2011/12/15 17:26:38 | 000,001,443 | ---- | C] () -- C:\Users\Sou Xiong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/12/15 17:26:37 | 000,000,868 | ---- | C] () -- C:\Users\Sou Xiong\Desktop\Downloads.lnk
[2011/12/15 17:26:19 | 000,000,290 | ---- | C] () -- C:\Users\Sou Xiong\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/12/15 17:26:19 | 000,000,272 | ---- | C] () -- C:\Users\Sou Xiong\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/12/15 17:13:03 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011/12/15 17:13:01 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011/12/15 17:11:35 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/12/15 17:10:27 | 378,888,191 | -HS- | C] () -- C:\hiberfil.sys
[2011/12/15 17:09:50 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2011/12/15 17:09:48 | 000,383,786 | RHS- | C] () -- C:\bootmgr
[2011/12/15 17:09:32 | 000,000,028 | RH-- | C] () -- C:\Windows\version
[2009/07/13 21:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 18:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 18:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 16:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >


OTL #2:

OTL Extras logfile created on: 12/17/2011 2:05:09 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Sou Xiong\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.80 Gb Total Physical Memory | 4.68 Gb Available Physical Memory | 80.68% Memory free
11.61 Gb Paging File | 10.42 Gb Available in Paging File | 89.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 688.72 Gb Total Space | 664.55 Gb Free Space | 96.49% Space Free | Partition Type: NTFS
Drive D: | 9.88 Gb Total Space | 4.09 Gb Free Space | 41.44% Space Free | Partition Type: NTFS

Computer Name: SOUXIONG-PC | User Name: Sou Xiong | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{D6E46FC2-B513-4B7D-8C8C-352F4735C541}" = Broadcom NetXtreme-I Netlink Driver and Management Installer
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{451517F1-7E41-400B-AA36-FB7E2563526D}" = DW 1525 Driver Installation
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Mozilla Firefox 8.0.1 (x86 en-US)" = Mozilla Firefox 8.0.1 (x86 en-US)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/16/2011 5:26:36 PM | Computer Name = SouXiong-PC | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 16.0.912.63, time
stamp: 0x4edf13ac Faulting module name: ole32.dll, version: 6.1.7601.17514, time
stamp: 0x4ce7b96f Exception code: 0xc0000005 Fault offset: 0x0003bc21 Faulting process
id: 0x1044 Faulting application start time: 0x01ccbc394647fe4e Faulting application
path: C:\Users\Sou Xiong\AppData\Local\Google\Chrome\Application\chrome.exe Faulting
module path: C:\Windows\syswow64\ole32.dll Report Id: a1f84b69-282c-11e1-b716-842b2ba45d62

Error - 12/16/2011 6:14:18 PM | Computer Name = SouXiong-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/16/2011 6:16:52 PM | Computer Name = SouXiong-PC | Source = Microsoft-Windows-LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is not formatted
correctly. The malformed string is 6368. The first DWORD in the Data section contains
the index value to the malformed string while the second and third DWORDs in the
Data section contain the last valid index values.

Error - 12/16/2011 6:16:52 PM | Computer Name = SouXiong-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

Error - 12/16/2011 6:16:55 PM | Computer Name = SouXiong-PC | Source = Microsoft-Windows-LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is not formatted
correctly. The malformed string is 6368. The first DWORD in the Data section contains
the index value to the malformed string while the second and third DWORDs in the
Data section contain the last valid index values.

Error - 12/17/2011 4:11:13 PM | Computer Name = SouXiong-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/17/2011 5:23:29 PM | Computer Name = SouXiong-PC | Source = Application Hang | ID = 1002
Description = The program InstStub.exe version 5.1.0.29 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 10b0 Start
Time: 01ccbd01e03d8b04 Termination Time: 9 Application Path: C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\7190B588\5.1.0.29\InstStub.exe

Report
Id:

Error - 12/17/2011 5:29:35 PM | Computer Name = SouXiong-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/17/2011 5:33:35 PM | Computer Name = SouXiong-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/17/2011 5:41:56 PM | Computer Name = SouXiong-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 12/16/2011 4:03:56 PM | Computer Name = SouXiong-PC | Source = bowser | ID = 8003
Description =

Error - 12/16/2011 5:00:54 PM | Computer Name = SouXiong-PC | Source = bowser | ID = 8003
Description =

Error - 12/16/2011 5:48:53 PM | Computer Name = SouXiong-PC | Source = bowser | ID = 8003
Description =

Error - 12/16/2011 6:22:55 PM | Computer Name = SouXiong-PC | Source = bowser | ID = 8003
Description =

Error - 12/16/2011 7:30:58 PM | Computer Name = SouXiong-PC | Source = bowser | ID = 8003
Description =

Error - 12/17/2011 2:19:21 AM | Computer Name = SouXiong-PC | Source = bowser | ID = 8003
Description =

Error - 12/17/2011 4:42:28 PM | Computer Name = SouXiong-PC | Source = bowser | ID = 8003
Description =

Error - 12/17/2011 5:30:10 PM | Computer Name = SouXiong-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 12/17/2011 5:30:57 PM | Computer Name = SouXiong-PC | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 12/17/2011 5:31:13 PM | Computer Name = SouXiong-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.


< End of report >


I have attached the JPEG of my Disk Management:

Attached Thumbnails

  • Untitled.jpg


#4
RKinner


    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
Run TDSSKiller again, but this time:
Before you hit Scan, hit Change Parameters and check the two items under Additional Options. OK, then Scan.
In this mode it is prone to false positives, so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.

Right-click aswMBR.exe and Run as Administrator.

Change the a-v scan to None.
DO NOT uncheck Trace disk IO calls.
Click the "Scan" button to start the scan.
On completion of the scan (note whether the Fix button is enabled (not the FixMBR button) and tell me), click Save log, save it to your desktop and post it in your next reply.


Download

http://ad13.geekstogo.com/MBRCheck.exe

Save it and run it. It will produce a log MBRCheck(date).txt on your desktop. Copy and paste it into a reply.


Malwarebytes' Anti-Malware
If you have a previous version of Malwarebytes', remove it via Add or Remove Programs and download a fresh copy.

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.

Ron

#5
yuri_yuri


    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Here are my additional logs:

TDSSKiller:


23:18:27.0481 2528 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
23:18:28.0011 2528 ============================================================
23:18:28.0011 2528 Current date / time: 2011/12/17 23:18:28.0011
23:18:28.0011 2528 SystemInfo:
23:18:28.0011 2528
23:18:28.0011 2528 OS Version: 6.1.7601 ServicePack: 1.0
23:18:28.0011 2528 Product type: Workstation
23:18:28.0011 2528 ComputerName: SOUXIONG-PC
23:18:28.0011 2528 UserName: Sou Xiong
23:18:28.0011 2528 Windows directory: C:\Windows
23:18:28.0011 2528 System windows directory: C:\Windows
23:18:28.0011 2528 Running under WOW64
23:18:28.0011 2528 Processor architecture: Intel x64
23:18:28.0011 2528 Number of processors: 4
23:18:28.0011 2528 Page size: 0x1000
23:18:28.0011 2528 Boot type: Normal boot
23:18:28.0011 2528 ============================================================
23:18:29.0790 2528 Initialize success
23:19:38.0488 1120 ============================================================
23:19:38.0488 1120 Scan started
23:19:38.0488 1120 Mode: Manual; SigCheck; TDLFS;
23:19:38.0488 1120 ============================================================
23:19:38.0800 1120 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
23:19:38.0862 1120 1394ohci - ok
23:19:38.0878 1120 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
23:19:38.0878 1120 ACPI - ok
23:19:38.0894 1120 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
23:19:38.0909 1120 AcpiPmi - ok
23:19:38.0956 1120 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
23:19:38.0987 1120 adp94xx - ok
23:19:39.0018 1120 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
23:19:39.0034 1120 adpahci - ok
23:19:39.0065 1120 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
23:19:39.0081 1120 adpu320 - ok
23:19:39.0143 1120 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
23:19:39.0174 1120 AFD - ok
23:19:39.0190 1120 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
23:19:39.0206 1120 agp440 - ok
23:19:39.0206 1120 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
23:19:39.0221 1120 aliide - ok
23:19:39.0252 1120 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
23:19:39.0252 1120 amdide - ok
23:19:39.0284 1120 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
23:19:39.0299 1120 AmdK8 - ok
23:19:39.0330 1120 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
23:19:39.0362 1120 AmdPPM - ok
23:19:39.0377 1120 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
23:19:39.0393 1120 amdsata - ok
23:19:39.0393 1120 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
23:19:39.0408 1120 amdsbs - ok
23:19:39.0440 1120 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
23:19:39.0440 1120 amdxata - ok
23:19:39.0502 1120 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
23:19:39.0564 1120 AppID - ok
23:19:39.0596 1120 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
23:19:39.0611 1120 arc - ok
23:19:39.0642 1120 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
23:19:39.0658 1120 arcsas - ok
23:19:39.0705 1120 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
23:19:39.0752 1120 AsyncMac - ok
23:19:39.0767 1120 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
23:19:39.0783 1120 atapi - ok
23:19:39.0876 1120 athr (7d89b0c443f6068e5b27aa3b972069ff) C:\Windows\system32\DRIVERS\athrx.sys
23:19:39.0923 1120 athr - ok
23:19:39.0954 1120 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
23:19:39.0970 1120 b06bdrv - ok
23:19:40.0017 1120 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
23:19:40.0048 1120 b57nd60a - ok
23:19:40.0079 1120 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
23:19:40.0126 1120 Beep - ok
23:19:40.0157 1120 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
23:19:40.0173 1120 blbdrive - ok
23:19:40.0188 1120 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
23:19:40.0220 1120 bowser - ok
23:19:40.0235 1120 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
23:19:40.0266 1120 BrFiltLo - ok
23:19:40.0266 1120 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
23:19:40.0282 1120 BrFiltUp - ok
23:19:40.0313 1120 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
23:19:40.0360 1120 Brserid - ok
23:19:40.0376 1120 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
23:19:40.0391 1120 BrSerWdm - ok
23:19:40.0422 1120 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
23:19:40.0422 1120 BrUsbMdm - ok
23:19:40.0469 1120 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
23:19:40.0469 1120 BrUsbSer - ok
23:19:40.0500 1120 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
23:19:40.0516 1120 BTHMODEM - ok
23:19:40.0547 1120 catchme - ok
23:19:40.0563 1120 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
23:19:40.0625 1120 cdfs - ok
23:19:40.0656 1120 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
23:19:40.0672 1120 cdrom - ok
23:19:40.0703 1120 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
23:19:40.0719 1120 circlass - ok
23:19:40.0766 1120 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
23:19:40.0781 1120 CLFS - ok
23:19:40.0797 1120 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
23:19:40.0812 1120 CmBatt - ok
23:19:40.0828 1120 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
23:19:40.0844 1120 cmdide - ok
23:19:40.0890 1120 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
23:19:40.0922 1120 CNG - ok
23:19:40.0937 1120 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
23:19:40.0937 1120 Compbatt - ok
23:19:40.0953 1120 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
23:19:40.0984 1120 CompositeBus - ok
23:19:41.0015 1120 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
23:19:41.0031 1120 crcdisk - ok
23:19:41.0046 1120 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
23:19:41.0093 1120 DfsC - ok
23:19:41.0109 1120 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
23:19:41.0140 1120 discache - ok
23:19:41.0156 1120 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
23:19:41.0156 1120 Disk - ok
23:19:41.0218 1120 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
23:19:41.0234 1120 drmkaud - ok
23:19:41.0280 1120 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
23:19:41.0296 1120 DXGKrnl - ok
23:19:41.0358 1120 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
23:19:41.0436 1120 ebdrv - ok
23:19:41.0452 1120 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
23:19:41.0468 1120 elxstor - ok
23:19:41.0514 1120 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
23:19:41.0546 1120 ErrDev - ok
23:19:41.0561 1120 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
23:19:41.0592 1120 exfat - ok
23:19:41.0608 1120 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
23:19:41.0639 1120 fastfat - ok
23:19:41.0655 1120 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
23:19:41.0670 1120 fdc - ok
23:19:41.0702 1120 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
23:19:41.0717 1120 FileInfo - ok
23:19:41.0733 1120 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
23:19:41.0780 1120 Filetrace - ok
23:19:41.0795 1120 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
23:19:41.0811 1120 flpydisk - ok
23:19:41.0826 1120 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
23:19:41.0842 1120 FltMgr - ok
23:19:41.0858 1120 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
23:19:41.0858 1120 FsDepends - ok
23:19:41.0873 1120 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
23:19:41.0889 1120 Fs_Rec - ok
23:19:41.0904 1120 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
23:19:41.0920 1120 fvevol - ok
23:19:41.0951 1120 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
23:19:41.0951 1120 gagp30kx - ok
23:19:42.0014 1120 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
23:19:42.0029 1120 hcw85cir - ok
23:19:42.0076 1120 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
23:19:42.0107 1120 HdAudAddService - ok
23:19:42.0123 1120 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
23:19:42.0138 1120 HDAudBus - ok
23:19:42.0154 1120 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
23:19:42.0201 1120 HidBatt - ok
23:19:42.0216 1120 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
23:19:42.0248 1120 HidBth - ok
23:19:42.0263 1120 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
23:19:42.0294 1120 HidIr - ok
23:19:42.0310 1120 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
23:19:42.0326 1120 HidUsb - ok
23:19:42.0357 1120 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
23:19:42.0372 1120 HpSAMD - ok
23:19:42.0388 1120 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
23:19:42.0435 1120 HTTP - ok
23:19:42.0450 1120 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
23:19:42.0466 1120 hwpolicy - ok
23:19:42.0482 1120 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
23:19:42.0497 1120 i8042prt - ok
23:19:42.0513 1120 iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
23:19:42.0528 1120 iaStorV - ok
23:19:42.0700 1120 igfx (31d1aff484d8a0906cf8d44251ec390f) C:\Windows\system32\DRIVERS\igdkmd64.sys
23:19:42.0872 1120 igfx - ok
23:19:42.0903 1120 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
23:19:42.0918 1120 iirsp - ok
23:19:42.0965 1120 IntcDAud (408b401cd7cdb075c7470b0ff7ba8d0b) C:\Windows\system32\DRIVERS\IntcDAud.sys
23:19:42.0981 1120 IntcDAud - ok
23:19:42.0996 1120 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
23:19:42.0996 1120 intelide - ok
23:19:43.0012 1120 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
23:19:43.0028 1120 intelppm - ok
23:19:43.0059 1120 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:19:43.0090 1120 IpFilterDriver - ok
23:19:43.0106 1120 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
23:19:43.0121 1120 IPMIDRV - ok
23:19:43.0152 1120 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
23:19:43.0199 1120 IPNAT - ok
23:19:43.0230 1120 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
23:19:43.0246 1120 IRENUM - ok
23:19:43.0262 1120 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
23:19:43.0262 1120 isapnp - ok
23:19:43.0340 1120 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
23:19:43.0371 1120 iScsiPrt - ok
23:19:43.0449 1120 k57nd60a (9d7ea8c7215d8d4ae7be110eee61085d) C:\Windows\system32\DRIVERS\k57nd60a.sys
23:19:43.0480 1120 k57nd60a - ok
23:19:43.0496 1120 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
23:19:43.0511 1120 kbdclass - ok
23:19:43.0542 1120 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
23:19:43.0542 1120 kbdhid - ok
23:19:43.0574 1120 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
23:19:43.0589 1120 KSecDD - ok
23:19:43.0605 1120 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
23:19:43.0605 1120 KSecPkg - ok
23:19:43.0620 1120 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
23:19:43.0667 1120 ksthunk - ok
23:19:43.0698 1120 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
23:19:43.0730 1120 lltdio - ok
23:19:43.0745 1120 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
23:19:43.0761 1120 LSI_FC - ok
23:19:43.0792 1120 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
23:19:43.0808 1120 LSI_SAS - ok
23:19:43.0823 1120 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
23:19:43.0839 1120 LSI_SAS2 - ok
23:19:43.0870 1120 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
23:19:43.0886 1120 LSI_SCSI - ok
23:19:43.0901 1120 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
23:19:43.0932 1120 luafv - ok
23:19:43.0979 1120 MBAMProtector (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys
23:19:43.0995 1120 MBAMProtector - ok
23:19:44.0010 1120 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
23:19:44.0010 1120 megasas - ok
23:19:44.0026 1120 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
23:19:44.0042 1120 MegaSR - ok
23:19:44.0073 1120 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
23:19:44.0104 1120 Modem - ok
23:19:44.0120 1120 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
23:19:44.0135 1120 monitor - ok
23:19:44.0166 1120 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
23:19:44.0182 1120 mouclass - ok
23:19:44.0213 1120 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
23:19:44.0244 1120 mouhid - ok
23:19:44.0244 1120 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
23:19:44.0260 1120 mountmgr - ok
23:19:44.0276 1120 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
23:19:44.0276 1120 mpio - ok
23:19:44.0307 1120 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
23:19:44.0369 1120 mpsdrv - ok
23:19:44.0385 1120 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
23:19:44.0416 1120 MRxDAV - ok
23:19:44.0447 1120 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:19:44.0463 1120 mrxsmb - ok
23:19:44.0478 1120 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:19:44.0494 1120 mrxsmb10 - ok
23:19:44.0510 1120 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:19:44.0525 1120 mrxsmb20 - ok
23:19:44.0541 1120 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
23:19:44.0541 1120 msahci - ok
23:19:44.0556 1120 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
23:19:44.0572 1120 msdsm - ok
23:19:44.0572 1120 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
23:19:44.0619 1120 Msfs - ok
23:19:44.0650 1120 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
23:19:44.0681 1120 mshidkmdf - ok
23:19:44.0681 1120 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
23:19:44.0697 1120 msisadrv - ok
23:19:44.0712 1120 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
23:19:44.0744 1120 MSKSSRV - ok
23:19:44.0775 1120 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
23:19:44.0806 1120 MSPCLOCK - ok
23:19:44.0822 1120 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
23:19:44.0868 1120 MSPQM - ok
23:19:44.0884 1120 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
23:19:44.0900 1120 MsRPC - ok
23:19:44.0915 1120 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
23:19:44.0931 1120 mssmbios - ok
23:19:44.0946 1120 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
23:19:44.0978 1120 MSTEE - ok
23:19:44.0993 1120 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
23:19:45.0009 1120 MTConfig - ok
23:19:45.0024 1120 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
23:19:45.0040 1120 Mup - ok
23:19:45.0102 1120 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
23:19:45.0118 1120 NativeWifiP - ok
23:19:45.0149 1120 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
23:19:45.0180 1120 NDIS - ok
23:19:45.0196 1120 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
23:19:45.0227 1120 NdisCap - ok
23:19:45.0274 1120 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
23:19:45.0321 1120 NdisTapi - ok
23:19:45.0336 1120 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
23:19:45.0368 1120 Ndisuio - ok
23:19:45.0383 1120 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
23:19:45.0414 1120 NdisWan - ok
23:19:45.0430 1120 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
23:19:45.0461 1120 NDProxy - ok
23:19:45.0477 1120 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
23:19:45.0508 1120 NetBIOS - ok
23:19:45.0539 1120 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
23:19:45.0555 1120 NetBT - ok
23:19:45.0602 1120 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
23:19:45.0602 1120 nfrd960 - ok
23:19:45.0633 1120 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
23:19:45.0664 1120 Npfs - ok
23:19:45.0680 1120 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
23:19:45.0711 1120 nsiproxy - ok
23:19:45.0758 1120 Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
23:19:45.0804 1120 Ntfs - ok
23:19:45.0820 1120 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
23:19:45.0851 1120 Null - ok
23:19:45.0882 1120 nusb3hub (786db821bfd57c0551dbbe4f75384a7d) C:\Windows\system32\drivers\nusb3hub.sys
23:19:45.0898 1120 nusb3hub - ok
23:19:45.0929 1120 nusb3xhc (daa8005caf745042bb427a1ed7433354) C:\Windows\system32\drivers\nusb3xhc.sys
23:19:45.0945 1120 nusb3xhc - ok
23:19:45.0945 1120 nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
23:19:45.0960 1120 nvraid - ok
23:19:45.0992 1120 nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
23:19:46.0007 1120 nvstor - ok
23:19:46.0038 1120 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
23:19:46.0038 1120 nv_agp - ok
23:19:46.0070 1120 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
23:19:46.0085 1120 ohci1394 - ok
23:19:46.0101 1120 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
23:19:46.0116 1120 Parport - ok
23:19:46.0132 1120 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
23:19:46.0148 1120 partmgr - ok
23:19:46.0163 1120 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
23:19:46.0179 1120 pci - ok
23:19:46.0194 1120 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
23:19:46.0210 1120 pciide - ok
23:19:46.0226 1120 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
23:19:46.0241 1120 pcmcia - ok
23:19:46.0257 1120 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
23:19:46.0257 1120 pcw - ok
23:19:46.0304 1120 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
23:19:46.0335 1120 PEAUTH - ok
23:19:46.0366 1120 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
23:19:46.0413 1120 PptpMiniport - ok
23:19:46.0413 1120 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
23:19:46.0428 1120 Processor - ok
23:19:46.0475 1120 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
23:19:46.0506 1120 Psched - ok
23:19:46.0538 1120 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
23:19:46.0569 1120 ql2300 - ok
23:19:46.0584 1120 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
23:19:46.0600 1120 ql40xx - ok
23:19:46.0616 1120 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
23:19:46.0631 1120 QWAVEdrv - ok
23:19:46.0647 1120 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
23:19:46.0678 1120 RasAcd - ok
23:19:46.0709 1120 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
23:19:46.0787 1120 RasAgileVpn - ok
23:19:46.0787 1120 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:19:46.0834 1120 Rasl2tp - ok
23:19:46.0850 1120 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
23:19:46.0881 1120 RasPppoe - ok
23:19:46.0912 1120 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
23:19:46.0943 1120 RasSstp - ok
23:19:46.0974 1120 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
23:19:47.0006 1120 rdbss - ok
23:19:47.0021 1120 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
23:19:47.0037 1120 rdpbus - ok
23:19:47.0052 1120 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:19:47.0084 1120 RDPCDD - ok
23:19:47.0115 1120 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
23:19:47.0146 1120 RDPENCDD - ok
23:19:47.0162 1120 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
23:19:47.0193 1120 RDPREFMP - ok
23:19:47.0224 1120 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
23:19:47.0240 1120 RDPWD - ok
23:19:47.0271 1120 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
23:19:47.0286 1120 rdyboost - ok
23:19:47.0302 1120 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
23:19:47.0333 1120 rspndr - ok
23:19:47.0364 1120 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
23:19:47.0364 1120 sbp2port - ok
23:19:47.0396 1120 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
23:19:47.0427 1120 scfilter - ok
23:19:47.0427 1120 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
23:19:47.0458 1120 secdrv - ok
23:19:47.0489 1120 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
23:19:47.0489 1120 Serenum - ok
23:19:47.0520 1120 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
23:19:47.0536 1120 Serial - ok
23:19:47.0552 1120 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
23:19:47.0583 1120 sermouse - ok
23:19:47.0598 1120 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
23:19:47.0614 1120 sffdisk - ok
23:19:47.0630 1120 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
23:19:47.0645 1120 sffp_mmc - ok
23:19:47.0676 1120 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
23:19:47.0692 1120 sffp_sd - ok
23:19:47.0708 1120 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
23:19:47.0723 1120 sfloppy - ok
23:19:47.0739 1120 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
23:19:47.0754 1120 SiSRaid2 - ok
23:19:47.0770 1120 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
23:19:47.0786 1120 SiSRaid4 - ok
23:19:47.0801 1120 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
23:19:47.0832 1120 Smb - ok
23:19:47.0864 1120 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
23:19:47.0864 1120 spldr - ok
23:19:47.0910 1120 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
23:19:47.0926 1120 srv - ok
23:19:47.0942 1120 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
23:19:47.0973 1120 srv2 - ok
23:19:47.0988 1120 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
23:19:48.0004 1120 srvnet - ok
23:19:48.0020 1120 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
23:19:48.0035 1120 stexstor - ok
23:19:48.0066 1120 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
23:19:48.0066 1120 swenum - ok
23:19:48.0144 1120 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
23:19:48.0191 1120 Tcpip - ok
23:19:48.0238 1120 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
23:19:48.0269 1120 TCPIP6 - ok
23:19:48.0285 1120 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
23:19:48.0363 1120 tcpipreg - ok
23:19:48.0394 1120 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
23:19:48.0441 1120 TDPIPE - ok
23:19:48.0456 1120 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
23:19:48.0488 1120 TDTCP - ok
23:19:48.0503 1120 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
23:19:48.0534 1120 tdx - ok
23:19:48.0550 1120 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
23:19:48.0566 1120 TermDD - ok
23:19:48.0597 1120 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:19:48.0628 1120 tssecsrv - ok
23:19:48.0628 1120 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
23:19:48.0644 1120 TsUsbFlt - ok
23:19:48.0659 1120 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
23:19:48.0659 1120 TsUsbGD - ok
23:19:48.0675 1120 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
23:19:48.0706 1120 tunnel - ok
23:19:48.0737 1120 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
23:19:48.0737 1120 uagp35 - ok
23:19:48.0753 1120 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
23:19:48.0800 1120 udfs - ok
23:19:48.0831 1120 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
23:19:48.0831 1120 uliagpkx - ok
23:19:48.0846 1120 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
23:19:48.0862 1120 umbus - ok
23:19:48.0893 1120 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
23:19:48.0893 1120 UmPass - ok
23:19:48.0924 1120 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\DRIVERS\usbccgp.sys
23:19:48.0940 1120 usbccgp - ok
23:19:48.0956 1120 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
23:19:48.0971 1120 usbcir - ok
23:19:49.0002 1120 usbehci (74ee782b1d9c241efe425565854c661c) C:\Windows\system32\DRIVERS\usbehci.sys
23:19:49.0018 1120 usbehci - ok
23:19:49.0049 1120 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\DRIVERS\usbhub.sys
23:19:49.0096 1120 usbhub - ok
23:19:49.0127 1120 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys
23:19:49.0143 1120 usbohci - ok
23:19:49.0190 1120 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
23:19:49.0205 1120 usbprint - ok
23:19:49.0252 1120 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
23:19:49.0283 1120 usbscan - ok
23:19:49.0299 1120 USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:19:49.0299 1120 USBSTOR - ok
23:19:49.0314 1120 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys
23:19:49.0330 1120 usbuhci - ok
23:19:49.0361 1120 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
23:19:49.0361 1120 vdrvroot - ok
23:19:49.0392 1120 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
23:19:49.0408 1120 vga - ok
23:19:49.0424 1120 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
23:19:49.0486 1120 VgaSave - ok
23:19:49.0502 1120 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
23:19:49.0517 1120 vhdmp - ok
23:19:49.0548 1120 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
23:19:49.0564 1120 viaide - ok
23:19:49.0580 1120 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
23:19:49.0595 1120 volmgr - ok
23:19:49.0611 1120 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
23:19:49.0626 1120 volmgrx - ok
23:19:49.0658 1120 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
23:19:49.0658 1120 volsnap - ok
23:19:49.0704 1120 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
23:19:49.0704 1120 vsmraid - ok
23:19:49.0736 1120 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
23:19:49.0782 1120 vwifibus - ok
23:19:49.0782 1120 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
23:19:49.0798 1120 vwififlt - ok
23:19:49.0860 1120 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
23:19:49.0876 1120 WacomPen - ok
23:19:49.0907 1120 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:19:49.0954 1120 WANARP - ok
23:19:49.0970 1120 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:19:50.0001 1120 Wanarpv6 - ok
23:19:50.0032 1120 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
23:19:50.0048 1120 Wd - ok
23:19:50.0063 1120 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
23:19:50.0079 1120 Wdf01000 - ok
23:19:50.0126 1120 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
23:19:50.0157 1120 WfpLwf - ok
23:19:50.0172 1120 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
23:19:50.0188 1120 WIMMount - ok
23:19:50.0204 1120 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
23:19:50.0219 1120 WmiAcpi - ok
23:19:50.0266 1120 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
23:19:50.0313 1120 ws2ifsl - ok
23:19:50.0344 1120 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
23:19:50.0375 1120 WudfPf - ok
23:19:50.0391 1120 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:19:50.0422 1120 WUDFRd - ok
23:19:50.0453 1120 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
23:19:50.0562 1120 \Device\Harddisk0\DR0 - ok
23:19:50.0578 1120 Boot (0x1200) (b4912291b4d5407087770f1b66fd5042) \Device\Harddisk0\DR0\Partition0
23:19:50.0594 1120 \Device\Harddisk0\DR0\Partition0 - ok
23:19:50.0594 1120 Boot (0x1200) (9a7c63ca8894d5c9a668e0d2795a2736) \Device\Harddisk0\DR0\Partition1
23:19:50.0594 1120 \Device\Harddisk0\DR0\Partition1 - ok
23:19:50.0594 1120 ============================================================
23:19:50.0594 1120 Scan finished
23:19:50.0594 1120 ============================================================
23:19:50.0609 1924 Detected object count: 0
23:19:50.0609 1924 Actual detected object count: 0
23:20:39.0744 2240 Deinitialize success

aswMBR.exe log:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-17 23:20:48
-----------------------------
23:20:48.788 OS Version: Windows x64 6.1.7601 Service Pack 1
23:20:48.788 Number of processors: 4 586 0x2505
23:20:48.788 ComputerName: SOUXIONG-PC UserName: Sou Xiong
23:20:53.081 Initialize success
23:22:42.455 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:22:42.455 Disk 0 Vendor: ST3750528AS CC46 Size: 715404MB BusType: 3
23:22:42.486 Disk 0 MBR read successfully
23:22:42.486 Disk 0 MBR scan
23:22:42.486 Disk 0 Windows 7 default MBR code
23:22:42.486 Service scanning
23:22:43.640 Modules scanning
23:22:43.640 Disk 0 trace - called modules:
23:22:43.640 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
23:22:43.656 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800646e060]
23:22:43.656 3 CLASSPNP.SYS[fffff8800195d43f] -> nt!IofCallDriver -> [0xfffffa80061a8520]
23:22:43.656 5 ACPI.sys[fffff88000efd7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80061aa060]
23:22:43.671 Scan finished successfully
23:23:02.017 Disk 0 MBR has been saved successfully to "C:\Users\Sou Xiong\Desktop\MBR.dat"
23:23:02.017 The log file has been saved successfully to "C:\Users\Sou Xiong\Desktop\aswMBR.txt"

MBRCheck log:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Inspiron 580
Logical Drives Mask: 0x000001fc

Kernel Drivers (total 180):
0x02A66000 \SystemRoot\system32\ntoskrnl.exe
0x02A1D000 \SystemRoot\system32\hal.dll
0x00BA7000 \SystemRoot\system32\kdcom.dll
0x00C1C000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00C6B000 \SystemRoot\system32\PSHED.dll
0x00C7F000 \SystemRoot\system32\CLFS.SYS
0x00CDD000 \SystemRoot\system32\CI.dll
0x00E3F000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00EE3000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00EF2000 \SystemRoot\system32\drivers\ACPI.sys
0x00F49000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00F52000 \SystemRoot\system32\drivers\msisadrv.sys
0x00F5C000 \SystemRoot\system32\drivers\pci.sys
0x00F8F000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00F9C000 \SystemRoot\System32\drivers\partmgr.sys
0x00FB1000 \SystemRoot\system32\drivers\volmgr.sys
0x00D9D000 \SystemRoot\System32\drivers\volmgrx.sys
0x00FC6000 \SystemRoot\system32\drivers\pciide.sys
0x00FCD000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x00FDD000 \SystemRoot\System32\drivers\mountmgr.sys
0x00FF7000 \SystemRoot\system32\drivers\atapi.sys
0x00E00000 \SystemRoot\system32\drivers\ataport.SYS
0x00E2A000 \SystemRoot\system32\drivers\amdxata.sys
0x01051000 \SystemRoot\system32\drivers\fltmgr.sys
0x0109D000 \SystemRoot\system32\drivers\fileinfo.sys
0x01211000 \SystemRoot\System32\Drivers\Ntfs.sys
0x010B1000 \SystemRoot\System32\Drivers\msrpc.sys
0x013B4000 \SystemRoot\System32\Drivers\ksecdd.sys
0x0110F000 \SystemRoot\System32\Drivers\cng.sys
0x013CF000 \SystemRoot\System32\drivers\pcw.sys
0x013E0000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x014BF000 \SystemRoot\system32\drivers\ndis.sys
0x01400000 \SystemRoot\system32\drivers\NETIO.SYS
0x01460000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01615000 \SystemRoot\System32\drivers\tcpip.sys
0x01819000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01863000 \SystemRoot\system32\drivers\volsnap.sys
0x018AF000 \SystemRoot\System32\Drivers\spldr.sys
0x018B7000 \SystemRoot\System32\drivers\rdyboost.sys
0x018F1000 \SystemRoot\System32\Drivers\mup.sys
0x01903000 \SystemRoot\System32\drivers\hwpolicy.sys
0x0190C000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01946000 \SystemRoot\system32\drivers\disk.sys
0x0195C000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x019C2000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x019EC000 \SystemRoot\System32\Drivers\Null.SYS
0x019F5000 \SystemRoot\System32\Drivers\Beep.SYS
0x01600000 \SystemRoot\System32\drivers\vga.sys
0x0148B000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x015B2000 \SystemRoot\System32\drivers\watchdog.sys
0x015C2000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x015CB000 \SystemRoot\system32\drivers\rdpencdd.sys
0x015D4000 \SystemRoot\system32\drivers\rdprefmp.sys
0x015DD000 \SystemRoot\System32\Drivers\Msfs.SYS
0x015E8000 \SystemRoot\System32\Drivers\Npfs.SYS
0x01181000 \SystemRoot\system32\DRIVERS\tdx.sys
0x014B0000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x02C98000 \SystemRoot\system32\drivers\afd.sys
0x02D21000 \SystemRoot\System32\DRIVERS\netbt.sys
0x02D66000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x02D6F000 \SystemRoot\system32\DRIVERS\pacer.sys
0x02D95000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x02DAB000 \SystemRoot\system32\DRIVERS\netbios.sys
0x02DBA000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x02DD5000 \SystemRoot\system32\DRIVERS\termdd.sys
0x02C00000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x02C51000 \SystemRoot\system32\drivers\nsiproxy.sys
0x02C5D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x02C68000 \SystemRoot\System32\drivers\discache.sys
0x02C77000 \SystemRoot\System32\Drivers\dfsc.sys
0x02DE9000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x011A3000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x013EA000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x04827000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
0x04017000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x0410B000 \SystemRoot\System32\drivers\dxgmms1.sys
0x04151000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x04162000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x041B8000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x0426E000 \SystemRoot\system32\DRIVERS\athrx.sys
0x04200000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x0420D000 \SystemRoot\system32\DRIVERS\k57nd60a.sys
0x0425E000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x041DC000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x04F92000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x043F4000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x04FB6000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x04FE5000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x04800000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x011C9000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x04000000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x01200000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x0400F000 \SystemRoot\system32\DRIVERS\swenum.sys
0x01000000 \SystemRoot\system32\DRIVERS\ks.sys
0x011E3000 \SystemRoot\system32\DRIVERS\umbus.sys
0x0504A000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x050A4000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x050B9000 \SystemRoot\system32\drivers\HdAudio.sys
0x05115000 \SystemRoot\system32\drivers\portcls.sys
0x05152000 \SystemRoot\system32\drivers\drmk.sys
0x05174000 \SystemRoot\system32\drivers\ksthunk.sys
0x0517A000 \SystemRoot\system32\DRIVERS\IntcDAud.sys
0x051BB000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x051C9000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x051E2000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x051EB000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x051ED000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x00000000 \SystemRoot\System32\win32k.sys
0x05000000 \SystemRoot\System32\drivers\Dxapi.sys
0x0500C000 \SystemRoot\System32\Drivers\crashdmp.sys
0x0501A000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x05026000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x0502F000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x041F2000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x0198C000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x019A7000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00450000 \SystemRoot\System32\TSDDD.dll
0x006B0000 \SystemRoot\System32\cdd.dll
0x022C1000 \SystemRoot\system32\drivers\luafv.sys
0x022E4000 \SystemRoot\system32\drivers\WudfPf.sys
0x02305000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x0231A000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x0236D000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x02380000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x0287A000 \SystemRoot\system32\drivers\HTTP.sys
0x02943000 \SystemRoot\system32\DRIVERS\bowser.sys
0x02961000 \SystemRoot\System32\drivers\mpsdrv.sys
0x02979000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x029A6000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x02800000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x02200000 \SystemRoot\system32\drivers\peauth.sys
0x02824000 \SystemRoot\System32\Drivers\secdrv.SYS
0x0282F000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x02860000 \SystemRoot\System32\drivers\tcpipreg.sys
0x03A27000 \SystemRoot\System32\DRIVERS\srv2.sys
0x03A90000 \SystemRoot\System32\DRIVERS\srv.sys
0x03B28000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x03B59000 \??\C:\Windows\system32\drivers\mbam.sys
0x03B63000 \SystemRoot\System32\Drivers\fastfat.SYS
0x03BB9000 \??\C:\Users\SOUXIO~1\AppData\Local\Temp\aswMBR.sys
0x77370000 \Windows\System32\ntdll.dll
0x48440000 \Windows\System32\smss.exe
0xFF690000 \Windows\System32\apisetschema.dll
0xFF120000 \Windows\System32\autochk.exe
0xFF5B0000 \Windows\System32\usp10.dll
0xFF4A0000 \Windows\System32\msctf.dll
0xFF450000 \Windows\System32\ws2_32.dll
0xFF1F0000 \Windows\System32\iertutil.dll
0xFF110000 \Windows\System32\advapi32.dll
0xFF030000 \Windows\System32\oleaut32.dll
0xFEE50000 \Windows\System32\setupapi.dll
0xFEE40000 \Windows\System32\nsi.dll
0xFECC0000 \Windows\System32\urlmon.dll
0xFEC20000 \Windows\System32\comdlg32.dll
0xFEB80000 \Windows\System32\msvcrt.dll
0xFEB10000 \Windows\System32\gdi32.dll
0xFEAF0000 \Windows\System32\imagehlp.dll
0x77250000 \Windows\System32\kernel32.dll
0x77540000 \Windows\System32\normaliz.dll
0xFE9C0000 \Windows\System32\rpcrt4.dll
0xFDC30000 \Windows\System32\shell32.dll
0xFDC20000 \Windows\System32\lpk.dll
0x77150000 \Windows\System32\user32.dll
0xFDA10000 \Windows\System32\ole32.dll
0xFD970000 \Windows\System32\clbcatq.dll
0xFD840000 \Windows\System32\wininet.dll
0xFD810000 \Windows\System32\imm32.dll
0xFD790000 \Windows\System32\difxapi.dll
0xFD770000 \Windows\System32\sechost.dll
0xFD710000 \Windows\System32\Wldap32.dll
0xFD690000 \Windows\System32\shlwapi.dll
0x77530000 \Windows\System32\psapi.dll
0xFD5F0000 \Windows\System32\comctl32.dll
0xFD5B0000 \Windows\System32\cfgmgr32.dll
0xFD440000 \Windows\System32\crypt32.dll
0xFD3D0000 \Windows\System32\KernelBase.dll
0xFD3B0000 \Windows\System32\devobj.dll
0xFD370000 \Windows\System32\wintrust.dll
0xFD360000 \Windows\System32\msasn1.dll
0x76D60000 \Windows\SysWOW64\normaliz.dll

Processes (total 42):
0 System Idle Process
4 System
272 C:\Windows\System32\smss.exe
360 csrss.exe
420 C:\Windows\System32\wininit.exe
440 csrss.exe
476 C:\Windows\System32\services.exe
504 C:\Windows\System32\lsass.exe
512 C:\Windows\System32\lsm.exe
624 C:\Windows\System32\winlogon.exe
652 C:\Windows\System32\svchost.exe
728 C:\Windows\System32\svchost.exe
816 C:\Windows\System32\svchost.exe
860 C:\Windows\System32\svchost.exe
904 C:\Windows\System32\svchost.exe
300 C:\Windows\System32\svchost.exe
444 C:\Windows\System32\svchost.exe
1184 C:\Windows\System32\spoolsv.exe
1212 C:\Windows\System32\svchost.exe
1336 C:\Windows\System32\svchost.exe
1824 WUDFHost.exe
1280 C:\Windows\System32\taskhost.exe
1692 C:\Windows\System32\dwm.exe
976 C:\Windows\explorer.exe
1964 C:\Windows\System32\svchost.exe
2160 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
2244 C:\Windows\System32\igfxtray.exe
2260 C:\Windows\System32\hkcmd.exe
2268 C:\Windows\System32\igfxpers.exe
2336 C:\Windows\System32\igfxsrvc.exe
2448 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
2932 C:\Windows\System32\SearchIndexer.exe
1944 C:\Program Files\Windows Media Player\wmpnetwk.exe
3064 C:\Windows\System32\svchost.exe
1860 C:\Users\Sou Xiong\AppData\Local\Google\Chrome\Application\chrome.exe
664 C:\Users\Sou Xiong\AppData\Local\Google\Chrome\Application\chrome.exe
2252 C:\Windows\System32\audiodg.exe
1920 C:\Windows\System32\SearchProtocolHost.exe
2512 C:\Windows\System32\SearchFilterHost.exe
2956 C:\Users\Sou Xiong\Desktop\MBRCheck.exe
824 C:\Windows\System32\conhost.exe
2408 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`7ae00000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`02800000 (NTFS)

PhysicalDrive0 Model Number: ST3750528AS, Rev: CC46

Size Device Name MBR Status
--------------------------------------------
698 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!

Malwarebytes' Anti-Malware Log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8391

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

12/17/2011 11:32:54 PM
mbam-log-2011-12-17 (23-32-54).txt

Scan type: Quick scan
Objects scanned: 168851
Time elapsed: 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6 RKinner (Malware Expert, MVP):
Your logs are all clean. Are you still seeing tidserv?

#7 yuri_yuri (Topic Starter):
Yeah, I uninstalled and re-installed Norton just in case, and it popped right back up, as it is still detecting Boot.Tidserv in my system. =(

#8 RKinner (Malware Expert, MVP):
Insert the Windows 7 installation DVD and boot from your DVD drive. You may have to change the boot order through system BIOS to boot from your DVD.


Choose your default "Language," "Time" and "Keyboard Input" on the first window and click "Next."


Click on the "Repair Your Computer" option to gain access to the System Recovery window. Now choose "Command Prompt". Type the following, with an Enter after each line:
bootrec  /FixMbr
bootrec  /FixBoot
exit
(I use two spaces in the code box so you can see where one space goes.) Pull the DVD out and let it boot normally. Does Norton still see the tidserv?

#9 yuri_yuri (Topic Starter):
Command Prompt said that it did both successfully but unfortunately, Norton is still detecting tidserv.

Edited by yuri_yuri, 18 December 2011 - 07:25 PM.


#10 RKinner (Malware Expert, MVP):
Could you make a screen print of the norton detection of tidserv and attach it to your next post?

http://graphicssoft....nscreenshot.htm Save the file as a .jpg or the forum won't allow it.

Also when you ran aswMBR it created a file
C:\Users\Sou Xiong\Desktop\MBR.dat
could you rename it to SouMBR.txt and attach it to your next post?

#11 yuri_yuri (Topic Starter):
Here attached are the two screen shots of Norton; when I click on boot.tidserv it shows the second screen, so I took a screen shot of both screens.

Here attached is also the MBR.dat that I renamed to SouMRB.txt. I hope it's the right file, because it's the only file with the .dat extension, so I believe I have the right one. Please let me know if it's not the correct file; I'm getting a little confused because there are so many files. Thanks.

Attached Thumbnails: SouNorton.jpg

Attached Files:

#12 RKinner (Malware Expert, MVP):
I'm calling this one a new version. I'm thinking when you reloaded Windows you broke the infection but left the partitions that it created, and that is what Norton is seeing. When we did the screen shot of the Disk Manager we saw several smaller partitions. One is labeled OEM Partition and the other has no label. A third (which may be legit) is called Recovery Partition and is drive D:. They aren't the sizes we are used to seeing, which is why I think it's a new variation. We have a procedure for removing the extra partitions. It requires you to burn a CD and then boot off it. (The instructions say to burn two CDs, but you have the Win7 disk so you only need the GParted disk. Use the Win 7 disk anytime they want you to boot from the Windows 7 Recovery Environment.) There is some risk that we may wind up with an unbootable computer that will need to be reloaded, but I don't think that will happen. It doesn't really matter, as a complete wipe (which you did not do last time but which GParted can do for you) and new install (you know how to do that) would be the next step, since none of our tools see anything.

Preferably from a clean computer, I need you to download: gparted-live-0.10.0-3.iso (115.1 MB)
Windows 7 32-Bit (x86) Recovery Environment

Create bootable CDs, one for GParted and one for the Windows 7 Recovery Environment, from the ISO images. You can use ImgBurn to do this.

Now boot off of the newly created Gparted CD.

You should be here...
Press ENTER

By default, "do not touch keymap" is highlighted. Leave this setting alone and just press ENTER.

Choose your language and press ENTER. English is default [33]

Once again, at this prompt, press ENTER

You will now be taken to the main GUI screen.
According to your logs, the partition that you want to delete is: 39M. (If this doesn't help, then go back in and delete the 2M one and then the 9.88GB one.)

Click the trash can icon to delete and then click Apply.

You should now be here confirming your actions.

Now you should be back at the main GParted screen.
Is "boot" next to your OS drive?

If "boot" is not next to your OS drive under "Flags", right-click the OS drive while in GParted and select Manage Flags.

In the menu that pops up, place a checkmark in boot.

Now double-click the Exit button on the GParted desktop.

You should receive a small pop-up. Choose reboot and then press OK.

Now reboot from the Windows 7 Recovery Environment CD and execute the following commands:

  • bootrec /FixMbr
  • bootrec /FixBoot
  • exit

Once back in Windows:

Download MBRCheck.exe to your desktop.
  • Be sure to disable your security programs
  • Double click on the file to run it (Confirm the UAC prompt)
  • A window will open on your desktop
  • If an unknown bootcode is found you will have further options available to you; at this time press N then press Enter twice.
  • If nothing unusual is found just press Enter
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
  • Attach that file.

Ron
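As an added example (not part of Ron's instructions or of any tool named in this thread), here is a small Python parser for a 512-byte MBR dump such as the MBR.dat attached above. It checks the 0x55AA signature, lists the four partition-table entries with their sizes, and reports which entry carries the active/boot flag that the GParted "boot" flag step and bootrec /FixMbr are concerned with. The sample bytes are constructed to mirror the partition sizes discussed (39 MiB, roughly 9.88 GiB, the OS partition, 2 MiB); they are not real data from this thread.

```python
"""Parse a raw MBR sector and list its partition table (constructed example)."""
import struct

SECTOR = 512
# One 16-byte entry: status, CHS start (3 bytes), type, CHS end (3 bytes),
# starting LBA, sector count; little-endian throughout.
ENTRY_FMT = "<B3sB3sII"


def parse_mbr(data: bytes) -> dict:
    """Return signature check, active-flag count and non-empty partition entries."""
    if len(data) < SECTOR:
        raise ValueError("MBR must be at least 512 bytes")
    signature_ok = data[510:512] == b"\x55\xaa"
    entries = []
    for i in range(4):
        off = 446 + 16 * i  # partition table starts at byte 446
        status, _, ptype, _, lba, count = struct.unpack(ENTRY_FMT, data[off:off + 16])
        if ptype == 0 and count == 0:
            continue  # empty slot
        entries.append({
            "index": i,
            "bootable": status == 0x80,      # 0x80 = active/boot flag
            "type": ptype,
            "lba_start": lba,
            "size_mib": round(count * SECTOR / (1024 * 1024), 2),
        })
    return {
        "signature_ok": signature_ok,
        "active_count": sum(e["bootable"] for e in entries),  # should be exactly 1
        "partitions": entries,
    }


def build_entry(bootable: bool, ptype: int, lba: int, count: int) -> bytes:
    """Pack one partition-table entry; CHS fields are filled with the usual 0xFE 0xFF 0xFF."""
    status = 0x80 if bootable else 0x00
    return struct.pack(ENTRY_FMT, status, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", lba, count)


# Constructed sample MBR modelled on the Disk Manager layout described in the thread.
# Sizes are illustrative; partition types 0xDE (Dell utility) and 0x07 (NTFS) are assumed.
SAMPLE_MBR = (
    b"\x00" * 446                                        # bootstrap code area left empty
    + build_entry(False, 0xDE, 63, 39 * 2048)            # 39 MiB OEM partition
    + build_entry(False, 0x07, 81_920, 20_715_520)       # ~9.88 GiB recovery partition
    + build_entry(True, 0x07, 20_797_440, 600_000_000)   # OS partition, active
    + build_entry(False, 0x07, 620_797_440, 2 * 2048)    # 2 MiB partition with no label
    + b"\x55\xaa"                                        # boot signature
)
```

Feed the real dump with `parse_mbr(open("SouMRB.txt", "rb").read())`; a dump with zero or more than one active entry, or a bad signature, is worth a closer look before running bootrec.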

#13 yuri_yuri (New Member, Topic Starter, 8 posts)
Ron,

My disc that Dell sent out gives me the option to delete any partition drive, so I don't have to use the GParted disk, right? I was able to remove the 2M drive using my disc. I spoke to a Dell representative a couple of weeks ago; the 39M, which is the OEM partition, was set up by Dell for diagnostic reasons, so I'm not sure if we should delete that drive? Also, the 9.88GB drive is my recovery drive, but technically, if I already have the Windows 7 disc, do I really need that drive? Therefore, according to the Dell representative, they created the 39M and the 9.88GB partitions, so I'm assuming it could have been the 2M drive, which is the smallest partition, that the virus created? Anyhow, after deleting the 2M drive with my disc, I rebooted my computer and Norton no longer detects the boot.tidserv virus. So it looks good for now; I'll wait a day or so to see if anything pops up. What are your recommendations from here?

#14 RKinner (Malware Expert, 20,001 posts, MVP)
If deleting the 2M convinced Norton that Tidserv was gone, then that's the solution. If it doesn't come back in a day or so, I'd say it was gone for good. Since you have the disk you could delete the recovery partition and regain some space, but it's not that big and you might misplace or scratch the disk, so I would leave it as it is.

Once you decide it's gone you can run through my cleanup routine:

We need to clean up System Restore:

Copy the following:

:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

That will get the last of any malware off the system.



You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, All Programs, Accessories, then right-click on Command Prompt and Run As Administrator.
Then right-click, Paste, then hit Enter.

OTL has a cleanup tab; if you go there it will remove itself and its logs.

To hide hidden files again (OTL may do it for you):

Vista or Win7

# Open the Control Panel menu and click Folder Options.
# After the new window appears select the View tab.
# Remove the check in the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files, you need to disable JavaScript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on JavaScript in the left column and uncheck Enable Acrobat JavaScript. OK, close program. It's the same for Foxit Reader except you uncheck Enable JavaScript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas, and if there is a program you don't use you can just uninstall it rather than update it. The exception is MSN Messenger, which appears to be part of Windows.)
If you get a blocked program notice after installing UpdateChecker, then change it to not run at start and manually run it once a week.

If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/
The free version only blocks 200 ads a day, so that is another reason to use Firefox or Chrome.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, uTorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P, then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password! If using a wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support, especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step-by-step instructions or a wizard you can download.

Ron

#15 yuri_yuri (New Member, Topic Starter, 8 posts)
Hi Ron,

It's been 2 days and it looks like the virus is gone; Norton is no longer detecting anything. I want to THANK YOU VERY MUCH for all your help, quick replies, and getting this solved. Also, thanks for all your helpful tips!!! I know where to turn to if I ever need help with virus/malware issues! Thank you guys for running this forum and helping us with our computer problems.

Happy Holidays!