Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

OTL log check [Closed]


  • This topic is locked This topic is locked

#1
Frifox

Frifox

    New Member

  • Member
  • Pip
  • 1 posts

hello :)

OTL logfile created on: 2014-10-26 12:11:44 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Admin\Desktop

64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000415 | Country: Unknown | Language: Unknown | Date Format: yyyy-MM-dd



7,90 Gb Total Physical Memory | 6,94 Gb Available Physical Memory | 87,76% Memory free

15,81 Gb Paging File | 14,84 Gb Available in Paging File | 93,86% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]



%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 51,37 Gb Total Space | 19,69 Gb Free Space | 38,34% Space Free | Partition Type: NTFS

Drive D: | 880,05 Gb Total Space | 377,91 Gb Free Space | 42,94% Space Free | Partition Type: NTFS



Computer Name: ADMIN-COMPUTER | User Name: Admin | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days



[color=#E56717]========== Processes (SafeList) ==========[/color]



PRC - [2014-10-26 19:16:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe

PRC - [2013-09-12 11:06:22 | 001,337,752 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe





[color=#E56717]========== Modules (No Company Name) ==========[/color]





[color=#E56717]========== Services (SafeList) ==========[/color]



SRV:[b]64bit:[/b] - [2014-05-21 16:15:44 | 000,315,352 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\igfxCUIService.exe -- (igfxCUIService1.0.0.0)

SRV:[b]64bit:[/b] - [2013-09-12 11:06:22 | 001,337,752 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)

SRV:[b]64bit:[/b] - [2013-05-27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:[b]64bit:[/b] - [2009-07-14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2014-05-21 16:15:44 | 000,279,000 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)

SRV - [2014-03-20 23:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2012-07-08 23:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2012-04-24 13:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)





[color=#E56717]========== Driver Services (SafeList) ==========[/color]



DRV:[b]64bit:[/b] - [2014-05-21 16:15:40 | 003,791,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:[b]64bit:[/b] - [2014-05-21 16:15:32 | 000,450,520 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)

DRV:[b]64bit:[/b] - [2014-02-14 09:00:00 | 004,044,800 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:[b]64bit:[/b] - [2013-12-03 09:10:48 | 000,066,560 | ---- | M] (ASIX Electronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ax88179_178a.sys -- (AX88179)

DRV:[b]64bit:[/b] - [2013-10-02 03:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:[b]64bit:[/b] - [2013-09-17 15:48:30 | 000,795,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)

DRV:[b]64bit:[/b] - [2013-09-17 15:48:30 | 000,358,896 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)

DRV:[b]64bit:[/b] - [2013-09-17 14:17:38 | 000,239,320 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)

DRV:[b]64bit:[/b] - [2013-09-17 14:17:38 | 000,168,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)

DRV:[b]64bit:[/b] - [2013-09-17 14:17:38 | 000,157,432 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)

DRV:[b]64bit:[/b] - [2013-07-18 06:54:51 | 000,129,224 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)

DRV:[b]64bit:[/b] - [2013-01-14 14:26:11 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:[b]64bit:[/b] - [2013-01-14 14:26:11 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:[b]64bit:[/b] - [2013-01-14 13:54:19 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:[b]64bit:[/b] - [2012-08-23 15:12:16 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)

DRV:[b]64bit:[/b] - [2012-08-23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:[b]64bit:[/b] - [2012-08-23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:[b]64bit:[/b] - [2011-11-15 11:24:20 | 000,313,960 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUVStor.sys -- (RSUSBVSTOR)

DRV:[b]64bit:[/b] - [2011-11-10 10:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)

DRV:[b]64bit:[/b] - [2010-11-21 04:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)

DRV:[b]64bit:[/b] - [2010-11-21 04:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)

DRV:[b]64bit:[/b] - [2010-11-21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)

DRV:[b]64bit:[/b] - [2010-11-21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:[b]64bit:[/b] - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:[b]64bit:[/b] - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:[b]64bit:[/b] - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:[b]64bit:[/b] - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:[b]64bit:[/b] - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:[b]64bit:[/b] - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:[b]64bit:[/b] - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)





[color=#E56717]========== Standard Registry (SafeList) ==========[/color]





[color=#E56717]========== Internet Explorer ==========[/color]



IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC













IE - HKU\S-1-5-21-2126603540-1107800002-806524194-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-21-2126603540-1107800002-806524194-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-2126603540-1107800002-806524194-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0





[color=#E56717]========== FireFox ==========[/color]



FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()



64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2014-08-13 15:19:54 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014-08-13 15:19:54 | 000,000,000 | ---D | M]





O1 HOSTS File: ([2009-06-10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll File not found

O4:[b]64bit:[/b] - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)

O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKU\S-1-5-21-2126603540-1107800002-806524194-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O13[b]64bit:[/b] - gopher Prefix: missing

O13 - gopher Prefix: missing

O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - File not found

O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*

O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*

O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)



NetSvcs:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)



[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]



[2014-10-26 19:16:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe

[2014-10-14 23:30:20 | 002,339,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2014-10-14 23:30:20 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2014-10-14 23:30:19 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll

[2014-10-14 23:30:19 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll

[2014-10-14 23:30:19 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2014-10-14 23:30:19 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2014-10-14 23:30:19 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2014-10-14 23:30:19 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2014-10-14 23:30:18 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

[2014-10-14 23:30:17 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2014-10-14 23:30:16 | 001,494,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2014-10-14 23:30:16 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2014-10-14 23:30:16 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2014-10-14 23:30:16 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2014-10-14 23:30:16 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2014-10-14 23:30:16 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2014-10-14 23:30:16 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe

[2014-10-14 23:30:15 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2014-10-14 23:30:14 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe

[2014-10-14 23:30:14 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe

[2014-10-14 23:30:12 | 003,179,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll

[2014-10-14 23:30:01 | 005,552,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe

[2014-10-14 23:30:00 | 004,120,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll

[2014-10-14 23:30:00 | 003,975,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe

[2014-10-14 23:30:00 | 003,919,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe

[2014-10-14 23:30:00 | 003,208,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll

[2014-10-14 23:30:00 | 000,500,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AUDIOKSE.dll

[2014-10-14 23:29:59 | 001,574,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll

[2014-10-14 23:29:59 | 000,693,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi

[2014-10-14 23:29:59 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\evr.dll

[2014-10-14 23:29:59 | 000,619,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe

[2014-10-14 23:29:59 | 000,617,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi

[2014-10-14 23:29:59 | 000,533,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe

[2014-10-14 23:29:59 | 000,457,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ci.dll

[2014-10-14 23:29:59 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AUDIOKSE.dll

[2014-10-14 23:29:59 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEng.dll

[2014-10-14 23:29:59 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDump.dll

[2014-10-14 23:29:59 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll

[2014-10-14 23:29:58 | 001,480,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll

[2014-10-14 23:29:58 | 001,329,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll

[2014-10-14 23:29:58 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptui.dll

[2014-10-14 23:29:58 | 001,005,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptui.dll

[2014-10-14 23:29:58 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\evr.dll

[2014-10-14 23:29:58 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioSes.dll

[2014-10-14 23:29:57 | 000,516,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll

[2014-10-14 23:29:57 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll

[2014-10-14 23:29:57 | 000,368,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll

[2014-10-14 23:29:57 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll

[2014-10-14 23:29:57 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\audiodg.exe

[2014-10-14 23:29:57 | 000,103,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfps.dll

[2014-10-14 23:29:57 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptsp.dll

[2014-10-14 23:29:57 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\setbcdlocale.dll

[2014-10-14 23:29:57 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidapi.dll

[2014-10-14 23:29:57 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rrinstaller.exe

[2014-10-14 23:29:57 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\appidapi.dll

[2014-10-14 23:29:57 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rrinstaller.exe

[2014-10-14 23:29:57 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfpmp.exe

[2014-10-14 23:29:57 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfpmp.exe

[2014-10-14 23:29:56 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mferror.dll

[2014-10-14 23:29:55 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mferror.dll

[2014-10-14 23:29:40 | 001,463,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll

[2014-10-14 23:29:39 | 000,463,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certcli.dll

[2014-10-14 23:29:39 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe

[2014-10-14 23:29:39 | 000,342,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certcli.dll

[2014-10-14 23:29:39 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsta.dll

[2014-10-14 23:29:39 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll

[2014-10-14 23:29:32 | 003,241,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll

[2014-10-14 23:29:22 | 001,131,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll

[2014-10-14 23:29:22 | 000,156,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscorier.dll

[2014-10-14 23:29:22 | 000,156,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscorier.dll

[2014-10-14 23:29:21 | 001,943,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll

[2014-10-14 23:29:21 | 000,081,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscories.dll

[2014-10-14 23:29:21 | 000,073,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscories.dll

[2014-10-14 23:29:17 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rastls.dll

[2014-10-14 23:29:17 | 000,372,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rastls.dll

[2014-10-14 23:29:17 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll

[2014-10-14 23:29:17 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll

[2014-10-14 23:29:16 | 006,584,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll

[2014-10-14 23:29:16 | 005,703,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll

[2014-10-04 23:59:33 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\vlc

[2014-10-04 23:59:05 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN



[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]



[2014-10-26 19:16:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe

[2014-10-26 19:15:32 | 000,002,302 | -H-- | M] () -- C:\Users\Admin\Documents\Default.rdp

[2014-10-26 19:13:28 | 000,026,352 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2014-10-26 19:13:28 | 000,026,352 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2014-10-26 19:09:10 | 001,670,518 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2014-10-26 19:09:10 | 000,740,672 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat

[2014-10-26 19:09:10 | 000,654,464 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2014-10-26 19:09:10 | 000,156,214 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat

[2014-10-26 19:09:10 | 000,122,336 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2014-10-26 19:03:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2014-10-26 19:03:11 | 2070,691,839 | -HS- | M] () -- C:\hiberfil.sys

[2014-10-19 18:50:47 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2014-10-19 18:50:47 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2014-10-14 23:39:05 | 000,267,360 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT



[color=#E56717]========== Files Created - No Company Name ==========[/color]



[2014-06-08 22:05:09 | 000,348,088 | ---- | C] () -- C:\Windows\SysWow64\igdmd32.dll

[2014-06-08 22:05:08 | 000,183,808 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll

[2014-06-08 22:05:08 | 000,142,848 | ---- | C] () -- C:\Windows\SysWow64\igdail32.dll

[2013-08-16 22:00:14 | 001,643,124 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI



[color=#E56717]========== ZeroAccess Check ==========[/color]



[2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini



[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64



[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]



[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64



[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]



[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2014-06-25 03:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment



[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2014-06-25 02:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment



[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free



[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free



[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both



[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]



[color=#E56717]========== LOP Check ==========[/color]



[2013-05-21 17:09:20 | 000,000,000 | -HSD | M] -- C:\Users\Admin\AppData\Roaming\Common

[2014-10-23 01:38:39 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Free Download Manager

[2013-05-27 23:36:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FreeFixer

[2013-08-24 01:04:29 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ImgBurn

[2013-09-16 01:25:03 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Opera

[2014-06-20 00:48:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SumatraPDF

[2014-10-23 02:24:33 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\uTorrent



[color=#E56717]========== Purity Check ==========[/color]







[color=#E56717]========== Custom Scans ==========[/color]



[color=#A23BEC]< C:\*.* >[/color]

[2014-10-26 19:03:11 | 2070,691,839 | -HS- | M] () -- C:\hiberfil.sys

[2014-10-26 19:03:13 | 4192,579,583 | -HS- | M] () -- C:\pagefile.sys

[2009-07-14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT

[2009-07-14 06:08:49 | 000,032,604 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT



[color=#A23BEC]< D:\*.* >[/color]



[color=#A23BEC]< E:\*.* >[/color]



[color=#A23BEC]< F:\*.* >[/color]



[color=#A23BEC]< G:\*.* >[/color]



[color=#A23BEC]< H:\*.* >[/color]



[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*. >[/color]



[color=#A23BEC]< %APPDATA%\*. >[/color]

[2013-04-21 20:41:27 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Adobe

[2013-05-21 17:09:20 | 000,000,000 | -HSD | M] -- C:\Users\Admin\AppData\Roaming\Common

[2014-10-23 01:38:39 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Free Download Manager

[2013-05-27 23:36:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FreeFixer

[2013-04-21 19:21:47 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Identities

[2013-08-24 01:04:29 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ImgBurn

[2013-04-21 20:41:27 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Macromedia

[2013-05-27 15:58:47 | 000,000,000 | --SD | M] -- C:\Users\Admin\AppData\Roaming\Microsoft

[2013-09-16 01:25:03 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Opera

[2014-06-20 00:48:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SumatraPDF

[2014-10-23 02:24:33 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\uTorrent

[2014-10-26 04:52:27 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\vlc

[2013-04-21 23:35:34 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\WinRAR



[color=#A23BEC]< %SYSTEMDRIVE%\*. /mp /s >[/color]



[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]

[2009-07-14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys

[2009-07-14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_552ea5111ec825a6\atapi.sys

[2009-07-14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys

[2009-07-14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

[2009-07-14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_3b457059383c66e6\atapi.sys

[2009-07-14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_3be7afc0514717fa\atapi.sys



[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]

[2009-07-14 01:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=16A47CE2DECC9B099349A5F840654746 -- C:\Windows\SysNative\drivers\beep.sys

[2009-07-14 01:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=16A47CE2DECC9B099349A5F840654746 -- C:\Windows\winsxs\amd64_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_201592fa214e4f02\beep.sys



[color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color]

[2013-01-14 13:38:22 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe

[2013-01-14 13:38:22 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe

[2013-01-14 13:38:22 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe

[2013-01-14 13:38:22 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe

[2010-11-21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe

[2013-01-14 13:38:22 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe

[2013-01-14 13:38:22 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe

[2010-11-21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe



[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]

[2013-01-14 13:51:04 | 000,951,152 | ---- | M] (Microsoft Corporation) MD5=0FEB183E53C7080D65D459F841B9479E -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17715_none_05ee354c32adaafe\ndis.sys

[2013-01-14 13:51:04 | 000,950,128 | ---- | M] (Microsoft Corporation) MD5=14F747D6C991D016D0E1908B8524C754 -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.21849_none_065b637b4be003f7\ndis.sys

[2013-01-14 14:08:57 | 000,950,128 | ---- | M] (Microsoft Corporation) MD5=5E74508FCB5820B29EEAFE24E6035BCF -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.22097_none_06232d534c0a8d67\ndis.sys

[2013-01-14 14:08:57 | 000,950,128 | ---- | M] (Microsoft Corporation) MD5=760E38053BF56E501D562B70AD796B88 -- C:\Windows\SysNative\drivers\ndis.sys

[2013-01-14 14:08:57 | 000,950,128 | ---- | M] (Microsoft Corporation) MD5=760E38053BF56E501D562B70AD796B88 -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17939_none_05dc9a6832ba428a\ndis.sys

[2010-11-21 04:23:55 | 000,951,680 | ---- | M] (Microsoft Corporation) MD5=79B47FD40D9A817E932F9D26FAC0A81C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_05ed313632ae9759\ndis.sys



[color=#A23BEC]< MD5 for: NTFS.SYS >[/color]

[2010-11-21 04:23:55 | 001,659,776 | ---- | M] (Microsoft Corporation) MD5=05D78AA5CB5F3F5C31160BDB955D0B7C -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17514_none_04972f2c338b23d4\ntfs.sys

[2014-01-24 03:37:55 | 001,684,928 | ---- | M] (Microsoft Corporation) MD5=1A29A59A4C5BA6F8C85062A613B7E2B2 -- C:\Windows\SysNative\drivers\ntfs.sys

[2014-01-24 03:37:55 | 001,684,928 | ---- | M] (Microsoft Corporation) MD5=1A29A59A4C5BA6F8C85062A613B7E2B2 -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.18378_none_045a363833b85029\ntfs.sys

[2014-01-24 03:40:06 | 001,684,416 | ---- | M] (Microsoft Corporation) MD5=48B6047F82D5A8D0AEC71593F4ACD79B -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.22580_none_04d102ad4ce53e53\ntfs.sys

[2013-01-14 14:26:11 | 001,659,776 | ---- | M] (Microsoft Corporation) MD5=87B104128D4D3BA3C13098BAEBF38082 -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.21680_none_04d11b5b4ce521d9\ntfs.sys

[2013-01-14 14:26:11 | 001,659,776 | ---- | M] (Microsoft Corporation) MD5=A2F74975097F52A00745F9637451FDD8 -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17577_none_0459508233b9177f\ntfs.sys

[2013-04-12 15:16:02 | 001,686,888 | ---- | M] (Microsoft Corporation) MD5=A6AE4551BF8EED09FA3B6FCDF472F3E1 -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.22297_none_04cd2f154ce71430\ntfs.sys

[2013-01-14 14:14:09 | 001,687,408 | ---- | M] (Microsoft Corporation) MD5=B2746D84DDF68D09B41B72DF745CCBA6 -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.22104_none_052b7b9d4ca0cf8b\ntfs.sys

[2013-04-12 15:45:08 | 001,656,680 | ---- | M] (Microsoft Corporation) MD5=B98F8C6E31CD07B2E6F71F7F648E38C0 -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.18127_none_048f41be3390b0cf\ntfs.sys

[2013-01-14 14:14:09 | 001,659,760 | ---- | M] (Microsoft Corporation) MD5=E453ACF4E7D44E5530B5D5F2B9CA8563 -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17945_none_0477c74a33a2859a\ntfs.sys



[color=#A23BEC]< MD5 for: SVCHOST.EXE >[/color]

[2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe

[2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

[2009-07-14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe

[2009-07-14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe



[color=#A23BEC]< MD5 for: USERINIT.EXE >[/color]

[2010-11-21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe

[2010-11-21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2010-11-21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe

[2010-11-21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe



[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]

[2010-11-21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

[2014-03-04 12:08:14 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=6CE2AE073BD21C542FC2C707CAE944CC -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_ce748d1d04acf24f\winlogon.exe

[2014-03-04 10:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_cdf8bf35eb848572\winlogon.exe

[2014-07-17 03:07:24 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=8CEBD9D0A0A879CDE9F36F4383B7CAEA -- C:\Windows\SysNative\winlogon.exe

[2014-07-17 03:07:24 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=8CEBD9D0A0A879CDE9F36F4383B7CAEA -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18540_none_cdc47ed1ebad0e4e\winlogon.exe

[2014-07-16 04:23:23 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=98AA0BFEE089C7E5DADB94190D93456C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22750_none_ce434d9704d2c730\winlogon.exe



[color=#A23BEC]< %systemroot%\system32\ws2_32.dll /md5 >[/color]

[2010-11-21 04:23:55 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\system32\ws2_32.dll



[color=#A23BEC]< %systemroot%\system32\kernel32.dll /md5 >[/color]

[2014-03-04 10:16:17 | 001,114,112 | ---- | M] (Microsoft Corporation) MD5=76161B9D78A275F8F28DD67436013110 -- C:\Windows\system32\kernel32.dll



[color=#A23BEC]< %systemroot%\system32\user32.dll /md5 >[/color]

[2010-11-21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\system32\user32.dll



[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]



[color=#E56717]========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========[/color]

[C:\Users\All Users] -> -> Unknown point type



< End of report >

thx in adv for checking :)


  • 0

Advertisements


#2
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Hi,

 

Sorry it's taken so long to respond to your post. Sometimes we get very busy.

 

If you still require help, please perform the following scan and post the results. You don't have to put it in an a Quote Box, just cut and paste it from Notepad.

 

FRST.gif Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • When the tool opens click Yes to disclaimer.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please copy and paste their content into your next reply.


  • 0

#3
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP