Sirefef, Can't access internet even after formatting!


#1
ptrb

My desktop PC was affected by the Sirefef virus. After cleaning it with MSE and Avast, I couldn't connect to the internet anymore, using either wireless or cable.
I tried some solutions from the net; they didn't work. Finally I decided to reinstall my Windows and format all drives. Unfortunately, I still cannot connect. This seems very weird to me.
I need some help!

Here is the OTL file:


OTL logfile created on: 2/3/2013 4:17:24 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Payman\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.96 Gb Total Physical Memory | 7.00 Gb Available Physical Memory | 87.92% Memory free
15.93 Gb Paging File | 14.93 Gb Available in Paging File | 93.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 200.00 Gb Total Space | 177.35 Gb Free Space | 88.67% Space Free | Partition Type: NTFS
Drive E: | 1.21 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive J: | 7.48 Gb Total Space | 4.39 Gb Free Space | 58.70% Space Free | Partition Type: NTFS

Computer Name: PAYMAN-PC | User Name: Payman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/03 17:05:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Payman\Desktop\OTL.exe
PRC - [2012/01/27 17:40:46 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012/01/21 08:35:24 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/01/21 08:35:22 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/01/21 08:35:08 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2011/12/26 20:53:00 | 000,076,960 | ---- | M] (Atheros) -- C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
PRC - [2011/11/29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/11/29 20:04:54 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe


========== Modules (No Company Name) ==========

MOD - [2013/02/03 16:05:44 | 000,487,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\f1f0231b32dee581dcab0b26d83b02ca\IAStorUtil.ni.dll
MOD - [2013/02/03 16:05:44 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\ca11c3c4c5560bf7aafa094599128200\IAStorCommon.ni.dll
MOD - [2010/11/20 19:49:18 | 011,819,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\da5da08245467818759aa44c4eb948e1\System.Web.ni.dll
MOD - [2010/11/20 19:49:13 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5cae93d923c8378370758489e5535820\System.Runtime.Remoting.ni.dll
MOD - [2010/11/20 19:48:49 | 012,432,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
MOD - [2010/11/20 19:48:42 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
MOD - [2010/11/20 19:48:30 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf293040f3a93afa1ea782487acae816\WindowsBase.ni.dll
MOD - [2010/11/20 19:48:25 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll
MOD - [2010/11/20 19:48:22 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni.dll
MOD - [2010/11/20 19:48:21 | 007,963,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
MOD - [2010/11/20 19:48:14 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/01/10 21:01:52 | 000,627,936 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/01/21 08:35:24 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/01/21 08:35:22 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/01/21 08:35:08 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2011/12/26 20:53:00 | 000,076,960 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe -- (ZAtheros Wlan Agent)
SRV - [2011/11/29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/01/27 17:39:34 | 000,787,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/01/27 17:39:34 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/01/27 17:39:34 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2011/12/13 11:32:22 | 002,797,056 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/11/29 19:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/11/23 23:02:20 | 000,648,808 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/11/10 17:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/11/20 19:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 19:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 19:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/20 19:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/20 19:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 19:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/20 19:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 19:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 19:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/20 19:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)



O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F3836F0-3778-4A10-A959-9A610AD49E1E}: DhcpNameServer = 128.125.7.23 128.125.253.194 50.59.168.12 100.100.100.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/28 12:46:26 | 000,032,768 | R--- | M] (Dell Inc.) - E:\AUTORCD.EXE -- [ CDFS ]
O32 - AutoRun File - [2000/01/11 15:51:40 | 000,000,049 | RH-- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{7397a949-6e59-11e2-b3d0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7397a949-6e59-11e2-b3d0-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AUTORCD.EXE -- [2009/10/28 12:46:26 | 000,032,768 | R--- | M] (Dell Inc.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/03 16:17:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Payman\Desktop\OTL.exe
[2013/02/03 16:16:49 | 000,000,000 | ---D | C] -- C:\Users\Payman\Desktop\AntiVirus
[2013/02/03 16:11:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel Corporation
[2013/02/03 16:07:03 | 000,000,000 | ---D | C] -- C:\Users\Payman\AppData\Roaming\Intel Corporation
[2013/02/03 16:05:44 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[2013/02/03 16:03:55 | 000,000,000 | ---D | C] -- C:\Users\Payman\AppData\Roaming\InstallShield
[2013/02/03 15:43:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2013/02/03 15:43:37 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2013/02/03 15:43:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent
[2013/02/03 15:43:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2013/02/03 15:43:16 | 000,000,000 | ---D | C] -- C:\Intel
[2013/02/03 15:40:08 | 000,648,808 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2013/02/03 15:40:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2013/02/03 15:38:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atheros Smart Net
[2013/02/03 15:38:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HotSpot
[2013/02/03 15:38:26 | 002,797,056 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athrx.sys
[2013/02/03 15:38:26 | 002,797,056 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\athrx.sys
[2013/02/03 15:38:26 | 000,442,528 | ---- | C] (Atheros) -- C:\Windows\SysNative\athihvs.dll
[2013/02/03 15:38:26 | 000,063,648 | ---- | C] (Atheros) -- C:\Windows\SysNative\athihvui.dll
[2013/02/03 15:38:26 | 000,000,000 | ---D | C] -- C:\Windows\Options
[2013/02/03 15:38:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\nn-NO
[2013/02/03 15:38:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dell Wireless
[2013/02/03 15:38:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
[2013/02/03 15:38:19 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013/02/03 15:38:00 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013/02/03 15:37:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Dell
[2013/02/03 15:37:02 | 000,000,000 | ---D | C] -- C:\Dell
[2013/02/03 15:34:52 | 000,000,000 | R--D | C] -- C:\Users\Payman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/02/03 15:34:52 | 000,000,000 | R--D | C] -- C:\Users\Payman\Searches
[2013/02/03 15:34:52 | 000,000,000 | R--D | C] -- C:\Users\Payman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/02/03 15:34:52 | 000,000,000 | -H-D | C] -- C:\Users\Payman\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/02/03 15:34:44 | 000,000,000 | ---D | C] -- C:\Users\Payman\AppData\Roaming\Identities
[2013/02/03 15:34:43 | 000,000,000 | R--D | C] -- C:\Users\Payman\Contacts
[2013/02/03 15:34:42 | 000,000,000 | ---D | C] -- C:\Users\Payman\AppData\Local\VirtualStore
[2013/02/03 15:33:46 | 000,000,000 | --SD | C] -- C:\Users\Payman\AppData\Roaming\Microsoft
[2013/02/03 15:33:46 | 000,000,000 | R--D | C] -- C:\Users\Payman\Videos
[2013/02/03 15:33:46 | 000,000,000 | R--D | C] -- C:\Users\Payman\Saved Games
[2013/02/03 15:33:46 | 000,000,000 | R--D | C] -- C:\Users\Payman\Pictures
[2013/02/03 15:33:46 | 000,000,000 | R--D | C] -- C:\Users\Payman\Music
[2013/02/03 15:33:46 | 000,000,000 | R--D | C] -- C:\Users\Payman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/02/03 15:33:46 | 000,000,000 | R--D | C] -- C:\Users\Payman\Links
[2013/02/03 15:33:46 | 000,000,000 | R--D | C] -- C:\Users\Payman\Favorites
[2013/02/03 15:33:46 | 000,000,000 | R--D | C] -- C:\Users\Payman\Downloads
[2013/02/03 15:33:46 | 000,000,000 | R--D | C] -- C:\Users\Payman\Documents
[2013/02/03 15:33:46 | 000,000,000 | R--D | C] -- C:\Users\Payman\Desktop
[2013/02/03 15:33:46 | 000,000,000 | R--D | C] -- C:\Users\Payman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/02/03 15:33:46 | 000,000,000 | -HSD | C] -- C:\Users\Payman\AppData\Local\Temporary Internet Files
[2013/02/03 15:33:46 | 000,000,000 | -HSD | C] -- C:\Users\Payman\Templates
[2013/02/03 15:33:46 | 000,000,000 | -HSD | C] -- C:\Users\Payman\Start Menu
[2013/02/03 15:33:46 | 000,000,000 | -HSD | C] -- C:\Users\Payman\SendTo
[2013/02/03 15:33:46 | 000,000,000 | -HSD | C] -- C:\Users\Payman\Recent
[2013/02/03 15:33:46 | 000,000,000 | -HSD | C] -- C:\Users\Payman\PrintHood
[2013/02/03 15:33:46 | 000,000,000 | -HSD | C] -- C:\Users\Payman\NetHood
[2013/02/03 15:33:46 | 000,000,000 | -HSD | C] -- C:\Users\Payman\Documents\My Videos
[2013/02/03 15:33:46 | 000,000,000 | -HSD | C] -- C:\Users\Payman\Documents\My Pictures
[2013/02/03 15:33:46 | 000,000,000 | -HSD | C] -- C:\Users\Payman\Documents\My Music
[2013/02/03 15:33:46 | 000,000,000 | -HSD | C] -- C:\Users\Payman\My Documents
[2013/02/03 15:33:46 | 000,000,000 | -HSD | C] -- C:\Users\Payman\Local Settings
[2013/02/03 15:33:46 | 000,000,000 | -HSD | C] -- C:\Users\Payman\AppData\Local\History
[2013/02/03 15:33:46 | 000,000,000 | -HSD | C] -- C:\Users\Payman\Cookies
[2013/02/03 15:33:46 | 000,000,000 | -HSD | C] -- C:\Users\Payman\Application Data
[2013/02/03 15:33:46 | 000,000,000 | -HSD | C] -- C:\Users\Payman\AppData\Local\Application Data
[2013/02/03 15:33:46 | 000,000,000 | -H-D | C] -- C:\Users\Payman\AppData
[2013/02/03 15:33:46 | 000,000,000 | ---D | C] -- C:\Users\Payman\AppData\Local\Temp
[2013/02/03 15:33:46 | 000,000,000 | ---D | C] -- C:\Users\Payman\AppData\Local\Microsoft
[2013/02/03 15:33:46 | 000,000,000 | ---D | C] -- C:\Users\Payman\AppData\Roaming\Media Center Programs
[2013/02/03 15:33:25 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013/02/03 15:33:20 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/02/03 15:29:18 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013/02/03 15:28:48 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2013/02/03 15:28:22 | 000,000,000 | ---D | C] -- C:\Windows\Panther

========== Files - Modified Within 30 Days ==========

[2013/02/03 17:05:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Payman\Desktop\OTL.exe
[2013/02/03 16:16:17 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/03 16:16:17 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/03 16:13:20 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/02/03 16:13:20 | 000,615,122 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/02/03 16:13:20 | 000,103,496 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/02/03 16:09:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/03 16:09:03 | 2118,594,559 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/03 15:44:29 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iusb3hcs_01009.Wdf
[2013/02/03 15:38:53 | 000,001,828 | ---- | M] () -- C:\Users\Public\Desktop\asav.lnk
[2013/02/03 15:38:52 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\HotSpot.lnk
[2013/02/03 15:32:37 | 000,274,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/02/03 15:31:42 | 000,116,385 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013/02/03 15:31:42 | 000,116,385 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013/02/03 15:30:00 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf

========== Files Created - No Company Name ==========

[2013/02/03 15:44:29 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iusb3hcs_01009.Wdf
[2013/02/03 15:43:44 | 000,015,128 | ---- | C] () -- C:\Windows\SysNative\drivers\IntelMEFWVer.dll
[2013/02/03 15:38:53 | 000,001,828 | ---- | C] () -- C:\Users\Public\Desktop\asav.lnk
[2013/02/03 15:38:52 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\HotSpot.lnk
[2013/02/03 15:38:26 | 000,018,199 | ---- | C] () -- C:\Windows\SysNative\netathrx.inf
[2013/02/03 15:38:26 | 000,008,318 | ---- | C] () -- C:\Windows\SysNative\athrextx.cat
[2013/02/03 15:34:57 | 000,001,413 | ---- | C] () -- C:\Users\Payman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013/02/03 15:34:54 | 000,001,447 | ---- | C] () -- C:\Users\Payman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/02/03 15:33:46 | 000,000,290 | ---- | C] () -- C:\Users\Payman\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/02/03 15:33:46 | 000,000,272 | ---- | C] () -- C:\Users\Payman\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/02/03 15:31:33 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013/02/03 15:31:24 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013/02/03 15:30:00 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013/02/03 15:28:48 | 2118,594,559 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/10 20:39:16 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010/11/20 19:23:55 | 014,174,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/11/20 19:24:02 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 19:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========


========== Purity Check ==========



< End of report >

Edited by ptrb, 03 February 2013 - 07:21 PM.
