Advertisement

There's no such thing as a stupid question, but they're the easiest to answer.
Login
Search

Advertisement

Virus & Other Malware Removal Virus & Other Malware Removal
Search Search
Search for:
Tech Support Guy > > >

Computer Running Extremely Slow...?

(In Progress)
(!)

emeraldnzl's Avatar
Computer Specs
Malware Removal Specialist with 2,328 posts.
 
Join Date: Nov 2007
Location: Auckland,N.Z.
12-Sep-2012, 12:10 AM #16
Hello again originaltale,

You may have to disable your security programs to run these.

Now

Please download AdwCleaner from here to your desktop
  • Click on the green downward facing arrow on the right to commence download.
  • Run AdwCleaner and select Delete



Once done it will ask to reboot, allow this
On reboot a log will be produced please attach that

Next

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

So when you return please post
  • AdwCleaner log
  • MBAM report
originaltale's Avatar
originaltale originaltale is offline
Computer Specs
Member with 21 posts.
THREAD STARTER
 
Join Date: Sep 2012
Experience: Intermediate
12-Sep-2012, 05:04 PM #17
AdwCleaner


# AdwCleaner v2.001 - Logfile created 09/12/2012 at 13:54:10
# Updated 09/09/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Pony - PONY-PC
# Boot Mode : Normal
# Running from : C:\Users\Pony\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\Users\Pony\AppData\Roaming\Mozilla\Firefox\Profiles\wtvmtovv.default\ext ensions\bbrs_002@blabbers.com
Folder Deleted : C:\Users\Pony\AppData\Roaming\Mozilla\Firefox\Profiles\wtvmtovv.default\ext ensions\staged

***** [Registry] *****

Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\Software\AVG Secure Search

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Users\Pony\AppData\Roaming\Mozilla\Firefox\Profiles\wtvmtovv.default\pre fs.js

Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");

-\\ Google Chrome v21.0.1180.89

File : C:\Users\Pony\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1841 octets] - [12/09/2012 13:53:54]
AdwCleaner[S1].txt - [2075 octets] - [12/09/2012 13:54:10]

########## EOF - C:\AdwCleaner[S1].txt - [2135 octets] ##########
originaltale's Avatar
originaltale originaltale is offline
Computer Specs
Member with 21 posts.
THREAD STARTER
 
Join Date: Sep 2012
Experience: Intermediate
12-Sep-2012, 05:21 PM #18
Malwarebytes:


Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.12.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Pony :: PONY-PC [administrator]

9/12/2012 2:08:40 PM
mbam-log-2012-09-12 (14-08-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 212916
Time elapsed: 11 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
emeraldnzl's Avatar
Computer Specs
Malware Removal Specialist with 2,328 posts.
 
Join Date: Nov 2007
Location: Auckland,N.Z.
12-Sep-2012, 07:53 PM #19
Hello originaltale,

Please run OTL again. Also, when you return tell me how your computer is now.
  • Close all windows and open OTL again.
  • Click Run Scan and let the program run uninterrupted
  • It will produce a log for you. Post the log here.
originaltale's Avatar
originaltale originaltale is offline
Computer Specs
Member with 21 posts.
THREAD STARTER
 
Join Date: Sep 2012
Experience: Intermediate
12-Sep-2012, 08:08 PM #20
OTL logfile created on: 9/12/2012 4:56:09 PM - Run 2
OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\Pony\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 1.32 Gb Available Physical Memory | 33.84% Memory free
7.81 Gb Paging File | 4.77 Gb Available in Paging File | 61.11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 125.03 Gb Total Space | 71.40 Gb Free Space | 57.10% Space Free | Partition Type: NTFS
Drive D: | 148.06 Gb Total Space | 147.96 Gb Free Space | 99.93% Space Free | Partition Type: NTFS

Computer Name: PONY-PC | User Name: Pony | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/11 19:49:28 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Pony\Desktop\OTL (1).exe
PRC - [2012/08/13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/06/15 19:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton AntiVirus\Engine\19.8.0.14\ccsvchst.exe
PRC - [2012/06/04 18:07:42 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2011/12/06 17:21:36 | 000,101,544 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
PRC - [2011/12/06 17:21:34 | 000,162,456 | ---- | M] (ASUSTeK) -- C:\Windows\SysWOW64\ACEngSvr.exe
PRC - [2011/11/30 18:10:34 | 000,100,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
PRC - [2011/11/30 18:10:32 | 000,092,800 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
PRC - [2011/10/18 19:38:26 | 002,319,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2011/10/03 16:17:40 | 000,166,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2011/10/03 12:45:58 | 000,375,424 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
PRC - [2011/07/21 16:49:10 | 005,716,608 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/12/20 19:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/12/20 19:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/10/07 15:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2010/07/09 23:45:00 | 000,984,400 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
PRC - [2009/12/15 11:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009/06/19 11:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009/06/19 11:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2009/06/15 18:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
PRC - [2008/12/22 18:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
PRC - [2008/08/13 22:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/06 17:21:34 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
MOD - [2007/07/12 12:11:54 | 001,163,264 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll


========== Services (SafeList) ==========

SRV:64bit: - [2011/03/03 17:57:58 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/09/10 16:15:29 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/08/02 12:36:38 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/15 19:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton AntiVirus\Engine\19.8.0.14\ccSvcHst.exe -- (NAV)
SRV - [2011/11/30 18:10:32 | 000,092,800 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe -- (ASUS InstantOn)
SRV - [2011/03/01 21:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/12/20 19:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/20 19:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/15 11:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009/06/15 18:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/05 19:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/07/05 19:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/06/26 21:38:30 | 000,046,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012/06/06 21:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\ccsetx64.sys -- (ccSet_NAV)
DRV:64bit: - [2012/05/21 18:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/05/04 15:56:11 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/04/17 19:13:32 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/04/17 18:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/03 03:09:48 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/11/03 03:09:22 | 012,310,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/11/03 02:41:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/11/03 02:41:46 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/10/04 00:49:32 | 002,770,944 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/10/03 19:48:40 | 000,394,728 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011/10/03 19:48:38 | 000,129,512 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011/08/15 23:51:40 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\symds64.sys -- (SymDS)
DRV:64bit: - [2011/05/13 15:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011/05/05 05:32:56 | 001,439,792 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/04/25 20:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/11/20 06:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 04:07:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/08/24 02:55:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/07/20 02:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/23 18:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2012/09/12 13:09:23 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\VirusDefs\20120912.004\ex64.sys -- (NAVEX15)
DRV - [2012/09/12 13:09:23 | 000,125,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\VirusDefs\20120912.004\eng64.sys -- (NAVENG)
DRV - [2012/09/06 14:46:25 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/09/06 04:54:30 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\IPSDefs\20120911.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/08/31 15:09:13 | 001,385,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\BASHDefs\20120905.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/09/07 10:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/02 18:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=http://mail.google.com/mail/&scc=1&ltmpl=default&ltmplcache=2"
FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.22
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchrom ebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5 videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Pony\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Pony\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Pony\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Pony\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Pony\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\IPSFFPlgn\ [2012/09/03 12:22:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/09/03 12:22:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/02 12:36:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/02 12:36:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/05/04 16:24:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pony\AppData\Roaming\Mozilla\Extensions
[2012/09/12 16:14:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pony\AppData\Roaming\Mozilla\Firefox\Profiles\wtvmtovv.default\ext ensions
[2012/08/08 18:54:40 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Pony\AppData\Roaming\Mozilla\Firefox\Profiles\wtvmtovv.default\ext ensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/09/12 16:14:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pony\AppData\Roaming\Mozilla\Firefox\Profiles\wtvmtovv.default\ext ensions\staged
[2012/09/12 16:14:29 | 000,270,021 | ---- | M] () (No name found) -- C:\Users\Pony\AppData\Roaming\Mozilla\Firefox\Profiles\wtvmtovv.default\ext ensions\staged\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012/08/02 12:36:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/08/24 09:26:30 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/08/02 12:36:38 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/07/04 19:28:23 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/07/04 19:28:23 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.gmail.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggesti on}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}sou rceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chro me&hl={language}&q={searchTerms},
CHR - homepage: http://www.gmail.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Pony\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFl ash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Pony\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32. dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Pony\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogle NaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Pony\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\Pony\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\npSk ypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Pony\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Pony\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Zeon Plus (Enabled) = C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5 videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchrom ebrowserrecordext.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Pony\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - Extension: Magic Actions for YouTube\u2122 = C:\Users\Pony\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif\5.4_0\
CHR - Extension: BeFunky Photo Editor = C:\Users\Pony\AppData\Local\Google\Chrome\User Data\Default\Extensions\apfkepiiddolifkgjmfdgpnipgnfejab\1.1_0\
CHR - Extension: Turn Off the Lights = C:\Users\Pony\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.1.0.6_0\
CHR - Extension: WOT = C:\Users\Pony\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.3.1_0\
CHR - Extension: YouTube = C:\Users\Pony\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Look of Disapproval = C:\Users\Pony\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmomlddchhdnchpieaalgkpgaafohlbn\2.3.5_0\
CHR - Extension: Google Search = C:\Users\Pony\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: WOT Safe Search = C:\Users\Pony\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddcihbboebboehpkkdfdkhbodacmmfkk\2_0\
CHR - Extension: Ponyhoof = C:\Users\Pony\AppData\Local\Google\Chrome\User Data\Default\Extensions\efjjgphedlaihnlgaibiaihhmhaejjdd\1.331_0\
CHR - Extension: Edit This Cookie = C:\Users\Pony\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg\1.1.10_0\
CHR - Extension: Derpy Hooves = C:\Users\Pony\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbakoljpekdcimmdboclmaochbmmgbdk\1_0\
CHR - Extension: Pixlr Editor = C:\Users\Pony\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmaknaampgiegkcjlimdiidlhopknpk\1.2_0\
CHR - Extension: iPiccy Photo Editor = C:\Users\Pony\AppData\Local\Google\Chrome\User Data\Default\Extensions\imokeandodnlammaoenbgcnbhigjbpjh\1.1_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Pony\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Skype Click to Call = C:\Users\Pony\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\
CHR - Extension: Ghostery = C:\Users\Pony\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\4.0.0_0\
CHR - Extension: cats. = C:\Users\Pony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdfklfdfahcjkkkogigggbfhbojcnhgb\0.22_0\
CHR - Extension: Gmail = C:\Users\Pony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin .dll (RealPlayer)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\19.8.0.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUS)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKCU..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe ()
O4 - Startup: C:\Users\Pony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk = C:\Users\Pony\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D4EACD5-6302-453F-B2B7-2DBAC18AB8CF}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F1EEA2DE-D5A7-4AB4-B7C9-06F790159DDD}: DhcpNameServer = 199.96.34.33 199.96.34.34
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/11 20:57:38 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2012/09/11 20:57:29 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012/09/11 20:57:24 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012/09/11 20:57:24 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2012/09/11 19:49:38 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Pony\Desktop\OTL (1).exe
[2012/09/11 19:11:58 | 000,000,000 | -HSD | C] -- C:\found.001
[2012/09/11 11:33:49 | 000,000,000 | -HSD | C] -- C:\found.000
[2012/09/10 12:21:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
[2012/09/10 12:20:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Device Center
[2012/09/05 19:38:00 | 000,000,000 | ---D | C] -- C:\Users\Pony\AppData\Roaming\QuickScan
[2012/09/04 21:16:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/09/04 21:16:48 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/09/02 17:50:39 | 000,000,000 | ---D | C] -- C:\Users\Pony\Documents\Electronic Arts
[2012/09/02 17:17:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
[2012/09/02 17:17:44 | 000,000,000 | ---D | C] -- C:\Users\Pony\AppData\Roaming\Origin
[2012/09/02 17:17:36 | 000,000,000 | ---D | C] -- C:\Users\Pony\AppData\Local\Origin
[2012/09/02 17:08:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2012/09/02 17:08:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2012/09/02 17:08:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
[2012/09/02 16:45:36 | 000,000,000 | ---D | C] -- C:\Users\Pony\AppData\Roaming\uTorrent
[2012/08/29 21:23:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Stardock
[2012/08/27 18:24:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab
[2012/08/27 18:24:50 | 000,000,000 | ---D | C] -- C:\Users\Pony\AppData\Roaming\SystemRequirementsLab
[2012/08/25 13:31:22 | 000,000,000 | ---D | C] -- C:\Users\Pony\Documents\Stories
[2012/08/25 13:27:31 | 000,000,000 | ---D | C] -- C:\Users\Pony\AppData\Local\Amazon
[2012/08/25 13:27:12 | 000,101,680 | ---- | C] (Amazon.com, Inc.) -- C:\Windows\SysNative\stkMonitor.dll
[2012/08/22 10:53:26 | 000,000,000 | ---D | C] -- C:\Users\Pony\Documents\Amazon Music Importer
[2012/08/20 21:55:56 | 000,000,000 | ---D | C] -- C:\Users\Pony\Documents\Mangas
[2012/08/20 10:58:18 | 000,000,000 | ---D | C] -- C:\Users\Pony\Documents\Fonts
[2012/08/14 22:58:32 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/08/14 22:58:32 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/08/14 22:58:32 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/08/14 22:58:31 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/08/14 22:58:31 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/08/14 22:58:31 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/08/14 22:58:31 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/08/14 22:58:31 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/08/14 22:58:30 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/08/14 22:58:30 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/08/14 22:58:30 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/08/14 22:58:29 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/08/14 22:58:29 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/08/14 22:50:08 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012/08/14 22:50:00 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012/08/14 22:50:00 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012/08/14 22:50:00 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012/08/14 22:47:55 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012/08/14 22:47:55 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012/08/14 22:47:55 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012/08/14 22:47:48 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll

========== Files - Modified Within 30 Days ==========

[2012/09/12 17:05:04 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/12 17:01:18 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1715406819-2490588037-262294959-1001UA.job
[2012/09/12 16:52:04 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/12 16:41:19 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/12 16:41:19 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/12 16:34:49 | 000,000,919 | ---- | M] () -- C:\Users\Pony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk
[2012/09/12 16:34:24 | 000,045,056 | ---- | M] () -- C:\Windows\SysWow64\acovcnt.exe
[2012/09/12 16:34:21 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/12 16:34:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/12 16:34:02 | 3145,826,304 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/12 15:00:20 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1715406819-2490588037-262294959-1001Core.job
[2012/09/12 12:50:15 | 000,794,214 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/12 12:50:15 | 000,671,730 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/09/12 12:50:15 | 000,124,966 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/09/12 12:44:30 | 003,319,493 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\Cat.DB
[2012/09/11 19:49:28 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Pony\Desktop\OTL (1).exe
[2012/09/11 18:12:38 | 000,000,512 | ---- | M] () -- C:\Users\Pony\Documents\MBR.dat
[2012/09/10 18:00:39 | 000,001,873 | ---- | M] () -- C:\Users\Pony\Desktop\IMVU.lnk
[2012/09/10 16:15:29 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/09/10 16:15:29 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/09/10 16:12:27 | 000,413,344 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/09/10 12:21:00 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf
[2012/09/05 19:49:31 | 000,842,837 | ---- | M] () -- C:\Users\Pony\AppData\Local\census.cache
[2012/09/05 19:48:41 | 000,109,240 | ---- | M] () -- C:\Users\Pony\AppData\Local\ars.cache
[2012/09/05 19:35:51 | 000,000,036 | ---- | M] () -- C:\Users\Pony\AppData\Local\housecall.guid.cache
[2012/09/05 18:46:51 | 000,000,360 | ---- | M] () -- C:\Users\Pony\Documents\cc_20120905_184638.reg
[2012/09/05 18:34:17 | 000,002,272 | ---- | M] () -- C:\{6A4F6AD1-A973-48E1-A763-918E348283AB}
[2012/09/05 18:34:13 | 000,022,928 | ---- | M] () -- C:\{D27BA721-5E77-4325-96CE-3448C2F7FE50}
[2012/09/05 16:54:29 | 000,000,360 | ---- | M] () -- C:\Users\Pony\Documents\cc_20120905_165424.reg
[2012/09/05 14:41:14 | 000,000,360 | ---- | M] () -- C:\Users\Pony\Documents\cc_20120905_144105.reg
[2012/09/04 21:19:10 | 000,007,342 | ---- | M] () -- C:\Users\Pony\Documents\cc_20120904_211908.reg
[2012/09/04 21:18:56 | 000,099,488 | ---- | M] () -- C:\Users\Pony\Documents\cc_20120904_211845.reg
[2012/09/04 21:16:49 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/09/04 20:16:41 | 000,002,447 | ---- | M] () -- C:\Users\Pony\Desktop\Google Chrome.lnk
[2012/09/03 13:06:54 | 000,002,272 | ---- | M] () -- C:\{FB48D830-37B4-47B1-AE6A-2F3750413A02}
[2012/09/03 12:12:34 | 000,019,920 | ---- | M] () -- C:\bootsqm.dat
[2012/09/01 19:50:36 | 000,037,232 | ---- | M] () -- C:\Users\Pony\AppData\Local\recently-used.xbel
[2012/08/25 13:27:12 | 000,101,680 | ---- | M] (Amazon.com, Inc.) -- C:\Windows\SysNative\stkMonitor.dll
[2012/08/22 11:12:40 | 000,376,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012/08/22 11:12:33 | 000,288,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2012/08/22 10:53:22 | 000,001,222 | ---- | M] () -- C:\Users\Public\Desktop\Amazon Music Importer.lnk
[2012/08/16 17:22:32 | 000,000,000 | ---- | M] () -- C:\Users\Pony\G3sessionisrunning
[2012/08/15 13:12:48 | 000,008,942 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\VT20120731.038
[2012/08/14 21:13:08 | 000,002,399 | ---- | M] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk

========== Files Created - No Company Name ==========

[2012/09/11 18:12:38 | 000,000,512 | ---- | C] () -- C:\Users\Pony\Documents\MBR.dat
[2012/09/10 12:21:00 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf
[2012/09/05 19:49:31 | 000,842,837 | ---- | C] () -- C:\Users\Pony\AppData\Local\census.cache
[2012/09/05 19:48:41 | 000,109,240 | ---- | C] () -- C:\Users\Pony\AppData\Local\ars.cache
[2012/09/05 19:35:51 | 000,000,036 | ---- | C] () -- C:\Users\Pony\AppData\Local\housecall.guid.cache
[2012/09/05 18:46:48 | 000,000,360 | ---- | C] () -- C:\Users\Pony\Documents\cc_20120905_184638.reg
[2012/09/05 18:34:17 | 000,002,272 | ---- | C] () -- C:\{6A4F6AD1-A973-48E1-A763-918E348283AB}
[2012/09/05 18:34:13 | 000,022,928 | ---- | C] () -- C:\{D27BA721-5E77-4325-96CE-3448C2F7FE50}
[2012/09/05 16:54:27 | 000,000,360 | ---- | C] () -- C:\Users\Pony\Documents\cc_20120905_165424.reg
[2012/09/05 14:41:08 | 000,000,360 | ---- | C] () -- C:\Users\Pony\Documents\cc_20120905_144105.reg
[2012/09/04 21:19:09 | 000,007,342 | ---- | C] () -- C:\Users\Pony\Documents\cc_20120904_211908.reg
[2012/09/04 21:18:48 | 000,099,488 | ---- | C] () -- C:\Users\Pony\Documents\cc_20120904_211845.reg
[2012/09/04 21:16:49 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/09/03 13:06:54 | 000,002,272 | ---- | C] () -- C:\{FB48D830-37B4-47B1-AE6A-2F3750413A02}
[2012/09/03 12:12:34 | 000,019,920 | ---- | C] () -- C:\bootsqm.dat
[2012/09/01 19:50:36 | 000,037,232 | ---- | C] () -- C:\Users\Pony\AppData\Local\recently-used.xbel
[2012/08/22 10:53:22 | 000,001,234 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon Music Importer.lnk
[2012/08/22 10:53:22 | 000,001,222 | ---- | C] () -- C:\Users\Public\Desktop\Amazon Music Importer.lnk
[2012/08/13 11:40:55 | 000,000,000 | ---- | C] () -- C:\Users\Pony\G3sessionisrunning
[2012/08/13 11:40:53 | 000,000,243 | ---- | C] () -- C:\Users\Pony\dsj.xml
[2012/06/17 18:00:47 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/06/17 18:00:47 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/05/24 17:39:16 | 000,005,632 | ---- | C] () -- C:\Users\Pony\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/12 11:43:37 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2012/02/27 15:13:51 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\acovcnt.exe
[2011/12/21 00:47:52 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011/12/21 00:47:01 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/12/21 00:46:42 | 000,217,536 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/12/21 00:46:39 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011/12/21 00:46:37 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/12/21 00:46:36 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011/11/03 03:19:25 | 004,501,562 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:F591490A

< End of report >
emeraldnzl's Avatar
Computer Specs
Malware Removal Specialist with 2,328 posts.
 
Join Date: Nov 2007
Location: Auckland,N.Z.
12-Sep-2012, 08:45 PM #21
Hello originaltale,

Question - these look like reg files do you know what they are?

C:\Users\Pony\Documents\cc_20120905_184638.reg
C:\Users\Pony\Documents\cc_20120905_165424.reg
C:\Users\Pony\Documents\cc_20120905_144105.reg
C:\Users\Pony\Documents\cc_20120904_211908.reg
C:\Users\Pony\Documents\cc_20120904_211845.reg


Also my question at my last post. How is your computer? Has there been any change in its performance?
originaltale's Avatar
originaltale originaltale is offline
Computer Specs
Member with 21 posts.
THREAD STARTER
 
Join Date: Sep 2012
Experience: Intermediate
12-Sep-2012, 08:47 PM #22
Those are my CCleaner backup files..
eh, I didn't know I saved that many..
originaltale's Avatar
originaltale originaltale is offline
Computer Specs
Member with 21 posts.
THREAD STARTER
 
Join Date: Sep 2012
Experience: Intermediate
12-Sep-2012, 08:47 PM #23
Oh and, no, there has not been much change in performance.
emeraldnzl's Avatar
Computer Specs
Malware Removal Specialist with 2,328 posts.
 
Join Date: Nov 2007
Location: Auckland,N.Z.
12-Sep-2012, 08:59 PM #24
Please download MbrScan to your desktop
  • Run MbrScan
  • Place a tick in the asm Code box just below the report button
  • Then press the report button

Copy and paste the generated report to your next post please
originaltale's Avatar
originaltale originaltale is offline
Computer Specs
Member with 21 posts.
THREAD STARTER
 
Join Date: Sep 2012
Experience: Intermediate
12-Sep-2012, 09:06 PM #25
Code:
MBRScan v1.1.1

OS             : Windows 7 Service Pack 1 (64 bit)
PROCESSOR      : Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
BOOT           : Normal Boot
DATE           : 2012/09/12 (ISO 8601) at 18:06:04
________________________________________________________________________________

DISK           : Device\Harddisk0\DR0 __WDC WD32 00BPVT-80JJ5 (01.0)
BUS_TYPE       : (0x03)  P-ATA
USE_PIO        : NO
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

Device\Harddisk0\DR0	298.1 Go  [Fixed] ==> 7 MBR Code .

MBR_MD5   : 5F7DB7D1829F2F70D0840CCC08AEE004
MBR_SHA1  : B0ED10F26367387869EC0846CFAA488F196F3113

Device\Harddisk0\Partition1	25.00 Go  	0x1C Hidden FAT32 [LBA] 
Device\Harddisk0\Partition2	125.0 Go  	0x07 NTFS / HPFS __ BOOTABLE __
Device\Harddisk0\Partition3	148.1 Go  	0x07 NTFS / HPFS
________________________________________________________________________________

############################### Additional scan ################################

DRIVER  : C:\Windows\system32\hal.dll => Invisible on the disk
ADDRESS : 0x0300B000
SIZE    : 292.0 Ko

DRIVER  : C:\Windows\system32\kdcom.dll => Invisible on the disk
ADDRESS : 0x00BCE000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\system32\mcupdate_GenuineIntel.dll => Invisible on the disk
ADDRESS : 0x00CEB000
SIZE    : 316.0 Ko

DRIVER  : C:\Windows\system32\CLFS.SYS => Invisible on the disk
ADDRESS : 0x00D4E000
SIZE    : 376.0 Ko

DRIVER  : C:\Windows\system32\CI.dll => Invisible on the disk
ADDRESS : 0x00C00000
SIZE    : 768.0 Ko

DRIVER  : C:\Windows\system32\drivers\Wdf01000.sys => Invisible on the disk
ADDRESS : 0x00EE5000
SIZE    : 656.0 Ko

DRIVER  : C:\Windows\system32\drivers\WDFLDR.SYS => Invisible on the disk
ADDRESS : 0x00F89000
SIZE    : 60.0 Ko

DRIVER  : C:\Windows\system32\drivers\ACPI.sys => Invisible on the disk
ADDRESS : 0x00F98000
SIZE    : 348.0 Ko

DRIVER  : C:\Windows\system32\drivers\WMILIB.SYS => Invisible on the disk
ADDRESS : 0x00FEF000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\drivers\msisadrv.sys => Invisible on the disk
ADDRESS : 0x00E00000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\system32\drivers\pci.sys => Invisible on the disk
ADDRESS : 0x00E0A000
SIZE    : 204.0 Ko

DRIVER  : C:\Windows\system32\drivers\vdrvroot.sys => Invisible on the disk
ADDRESS : 0x00E3D000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\System32\drivers\partmgr.sys => Invisible on the disk
ADDRESS : 0x00E4A000
SIZE    : 84.0 Ko

DRIVER  : C:\Windows\system32\drivers\compbatt.sys => Invisible on the disk
ADDRESS : 0x00E5F000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\drivers\BATTC.SYS => Invisible on the disk
ADDRESS : 0x00E68000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\system32\drivers\volmgr.sys => Invisible on the disk
ADDRESS : 0x00E74000
SIZE    : 84.0 Ko

DRIVER  : C:\Windows\System32\drivers\volmgrx.sys => Invisible on the disk
ADDRESS : 0x00E89000
SIZE    : 368.0 Ko

DRIVER  : C:\Windows\system32\drivers\pciide.sys => Invisible on the disk
ADDRESS : 0x00FF8000
SIZE    : 28.0 Ko

DRIVER  : C:\Windows\system32\drivers\PCIIDEX.SYS => Invisible on the disk
ADDRESS : 0x00CC0000
SIZE    : 64.0 Ko

DRIVER  : C:\Windows\System32\drivers\mountmgr.sys => Invisible on the disk
ADDRESS : 0x00CD0000
SIZE    : 104.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\iaStor.sys => Invisible on the disk
ADDRESS : 0x0103B000
SIZE    : 3.60 Mo

DRIVER  : C:\Windows\system32\drivers\atapi.sys => Invisible on the disk
ADDRESS : 0x013D5000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\drivers\ataport.SYS => Invisible on the disk
ADDRESS : 0x01000000
SIZE    : 168.0 Ko

DRIVER  : C:\Windows\system32\drivers\msahci.sys => Invisible on the disk
ADDRESS : 0x0102A000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\system32\drivers\amdxata.sys => Invisible on the disk
ADDRESS : 0x013DE000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\system32\drivers\fltmgr.sys => Invisible on the disk
ADDRESS : 0x00DAC000
SIZE    : 304.0 Ko

DRIVER  : C:\Windows\system32\drivers\NAVx64\1308000.00E\SYMDS64.SYS => Invisible on the disk
ADDRESS : 0x014E5000
SIZE    : 452.0 Ko

DRIVER  : C:\Windows\system32\drivers\fileinfo.sys => Invisible on the disk
ADDRESS : 0x01556000
SIZE    : 80.0 Ko

DRIVER  : C:\Windows\system32\drivers\NAVx64\1308000.00E\SYMEFA64.SYS => Invisible on the disk
ADDRESS : 0x01632000
SIZE    : 1.09 Mo

DRIVER  : C:\Windows\System32\Drivers\Ntfs.sys => Invisible on the disk
ADDRESS : 0x0182B000
SIZE    : 1.64 Mo

DRIVER  : C:\Windows\System32\Drivers\msrpc.sys => Invisible on the disk
ADDRESS : 0x0174A000
SIZE    : 376.0 Ko

DRIVER  : C:\Windows\System32\Drivers\ksecdd.sys => Invisible on the disk
ADDRESS : 0x019CE000
SIZE    : 108.0 Ko

DRIVER  : C:\Windows\System32\Drivers\cng.sys => Invisible on the disk
ADDRESS : 0x0156A000
SIZE    : 456.0 Ko

DRIVER  : C:\Windows\System32\drivers\pcw.sys => Invisible on the disk
ADDRESS : 0x019E9000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Fs_Rec.sys => Invisible on the disk
ADDRESS : 0x01800000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\system32\drivers\ndis.sys => Invisible on the disk
ADDRESS : 0x01AB0000
SIZE    : 968.0 Ko

DRIVER  : C:\Windows\system32\drivers\NETIO.SYS => Invisible on the disk
ADDRESS : 0x01A00000
SIZE    : 384.0 Ko

DRIVER  : C:\Windows\System32\Drivers\ksecpkg.sys => Invisible on the disk
ADDRESS : 0x01A60000
SIZE    : 168.0 Ko

DRIVER  : C:\Windows\System32\drivers\tcpip.sys => Invisible on the disk
ADDRESS : 0x01C00000
SIZE    : 2.00 Mo

DRIVER  : C:\Windows\System32\drivers\fwpkclnt.sys => Invisible on the disk
ADDRESS : 0x01BA2000
SIZE    : 296.0 Ko

DRIVER  : C:\Windows\system32\drivers\volsnap.sys => Invisible on the disk
ADDRESS : 0x017A8000
SIZE    : 304.0 Ko

DRIVER  : C:\Windows\System32\Drivers\spldr.sys => Invisible on the disk
ADDRESS : 0x01BEC000
SIZE    : 32.0 Ko

DRIVER  : C:\Windows\System32\drivers\rdyboost.sys => Invisible on the disk
ADDRESS : 0x01400000
SIZE    : 232.0 Ko

DRIVER  : C:\Windows\System32\Drivers\mup.sys => Invisible on the disk
ADDRESS : 0x01A8A000
SIZE    : 72.0 Ko

DRIVER  : C:\Windows\System32\drivers\hwpolicy.sys => Invisible on the disk
ADDRESS : 0x01A9C000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\fvevol.sys => Invisible on the disk
ADDRESS : 0x0143A000
SIZE    : 232.0 Ko

DRIVER  : C:\Windows\system32\drivers\disk.sys => Invisible on the disk
ADDRESS : 0x0180A000
SIZE    : 88.0 Ko

DRIVER  : C:\Windows\system32\drivers\CLASSPNP.SYS => Invisible on the disk
ADDRESS : 0x01600000
SIZE    : 192.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\cdrom.sys => Invisible on the disk
ADDRESS : 0x04013000
SIZE    : 168.0 Ko

DRIVER  : C:\Windows\system32\drivers\NAVx64\1308000.00E\ccSetx64.sys => Invisible on the disk
ADDRESS : 0x01482000
SIZE    : 184.0 Ko

DRIVER  : C:\Windows\system32\drivers\NAVx64\1308000.00E\Ironx64.SYS => Invisible on the disk
ADDRESS : 0x014B0000
SIZE    : 196.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Null.SYS => Invisible on the disk
ADDRESS : 0x0403D000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Beep.SYS => Invisible on the disk
ADDRESS : 0x04046000
SIZE    : 28.0 Ko

DRIVER  : C:\Windows\System32\drivers\vga.sys => Invisible on the disk
ADDRESS : 0x043F1000
SIZE    : 56.0 Ko

DRIVER  : C:\Windows\System32\drivers\VIDEOPRT.SYS => Invisible on the disk
ADDRESS : 0x044A4000
SIZE    : 148.0 Ko

DRIVER  : C:\Windows\System32\drivers\watchdog.sys => Invisible on the disk
ADDRESS : 0x044C9000
SIZE    : 64.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\RDPCDD.sys => Invisible on the disk
ADDRESS : 0x044D9000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\drivers\rdpencdd.sys => Invisible on the disk
ADDRESS : 0x044E2000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\drivers\rdprefmp.sys => Invisible on the disk
ADDRESS : 0x044EB000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Msfs.SYS => Invisible on the disk
ADDRESS : 0x044F4000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Npfs.SYS => Invisible on the disk
ADDRESS : 0x044FF000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\tdx.sys => Invisible on the disk
ADDRESS : 0x04510000
SIZE    : 136.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\TDI.SYS => Invisible on the disk
ADDRESS : 0x04532000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\system32\drivers\afd.sys => Invisible on the disk
ADDRESS : 0x0453F000
SIZE    : 548.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\netbt.sys => Invisible on the disk
ADDRESS : 0x04400000
SIZE    : 276.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\wfplwf.sys => Invisible on the disk
ADDRESS : 0x04445000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\pacer.sys => Invisible on the disk
ADDRESS : 0x0444E000
SIZE    : 152.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\vwififlt.sys => Invisible on the disk
ADDRESS : 0x04474000
SIZE    : 88.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\netbios.sys => Invisible on the disk
ADDRESS : 0x0448A000
SIZE    : 60.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\wanarp.sys => Invisible on the disk
ADDRESS : 0x045C8000
SIZE    : 108.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\termdd.sys => Invisible on the disk
ADDRESS : 0x045E3000
SIZE    : 80.0 Ko

DRIVER  : C:\Windows\System32\Drivers\NAVx64\1308000.00E\SYMNETS.SYS => Invisible on the disk
ADDRESS : 0x03EE0000
SIZE    : 432.0 Ko

DRIVER  : C:\Windows\system32\Drivers\SYMEVENT64x86.SYS => Invisible on the disk
ADDRESS : 0x03F4C000
SIZE    : 224.0 Ko

DRIVER  : C:\Windows\system32\drivers\NAVx64\1308000.00E\SRTSPX64.SYS => Invisible on the disk
ADDRESS : 0x03F84000
SIZE    : 84.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\rdbss.sys => Invisible on the disk
ADDRESS : 0x03F99000
SIZE    : 324.0 Ko

DRIVER  : C:\Windows\system32\drivers\nsiproxy.sys => Invisible on the disk
ADDRESS : 0x03FEA000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\mssmbios.sys => Invisible on the disk
ADDRESS : 0x03E00000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\System32\drivers\discache.sys => Invisible on the disk
ADDRESS : 0x030FB000
SIZE    : 60.0 Ko

DRIVER  : C:\Windows\System32\Drivers\dfsc.sys => Invisible on the disk
ADDRESS : 0x0310A000
SIZE    : 120.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\blbdrive.sys => Invisible on the disk
ADDRESS : 0x03128000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\tunnel.sys => Invisible on the disk
ADDRESS : 0x04800000
SIZE    : 152.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\igdkmd64.sys => Invisible on the disk
ADDRESS : 0x04C3D000
SIZE    : 11.74 Mo

DRIVER  : C:\Windows\System32\drivers\dxgkrnl.sys => Invisible on the disk
ADDRESS : 0x05CE3000
SIZE    : 976.0 Ko

DRIVER  : C:\Windows\System32\drivers\dxgmms1.sys => Invisible on the disk
ADDRESS : 0x05C00000
SIZE    : 280.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\HECIx64.sys => Invisible on the disk
ADDRESS : 0x05C46000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\usbehci.sys => Invisible on the disk
ADDRESS : 0x05C57000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\USBPORT.SYS => Invisible on the disk
ADDRESS : 0x05C68000
SIZE    : 344.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\HDAudBus.sys => Invisible on the disk
ADDRESS : 0x05CBE000
SIZE    : 144.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\athrx.sys => Invisible on the disk
ADDRESS : 0x05E50000
SIZE    : 2.66 Mo

DRIVER  : C:\Windows\system32\DRIVERS\vwifibus.sys => Invisible on the disk
ADDRESS : 0x060FA000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\asmtxhci.sys => Invisible on the disk
ADDRESS : 0x06107000
SIZE    : 400.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\L1C62x64.sys => Invisible on the disk
ADDRESS : 0x0616B000
SIZE    : 84.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\i8042prt.sys => Invisible on the disk
ADDRESS : 0x06180000
SIZE    : 120.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\SynTP.sys => Invisible on the disk
ADDRESS : 0x04643000
SIZE    : 1.39 Mo

DRIVER  : C:\Windows\system32\DRIVERS\USBD.SYS => Invisible on the disk
ADDRESS : 0x047A8000
SIZE    : 8.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\mouclass.sys => Invisible on the disk
ADDRESS : 0x047AA000
SIZE    : 60.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\kbfiltr.sys => Invisible on the disk
ADDRESS : 0x047B9000
SIZE    : 32.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\kbdclass.sys => Invisible on the disk
ADDRESS : 0x047C1000
SIZE    : 60.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\CmBatt.sys => Invisible on the disk
ADDRESS : 0x047D0000
SIZE    : 20.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\intelppm.sys => Invisible on the disk
ADDRESS : 0x047D5000
SIZE    : 88.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\wmiacpi.sys => Invisible on the disk
ADDRESS : 0x047EB000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\CompositeBus.sys => Invisible on the disk
ADDRESS : 0x04600000
SIZE    : 64.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\AgileVpn.sys => Invisible on the disk
ADDRESS : 0x04610000
SIZE    : 88.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\rasl2tp.sys => Invisible on the disk
ADDRESS : 0x0619E000
SIZE    : 144.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\ndistapi.sys => Invisible on the disk
ADDRESS : 0x04626000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\ndiswan.sys => Invisible on the disk
ADDRESS : 0x061C2000
SIZE    : 188.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\raspppoe.sys => Invisible on the disk
ADDRESS : 0x05E00000
SIZE    : 108.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\raspptp.sys => Invisible on the disk
ADDRESS : 0x05E1B000
SIZE    : 132.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\rassstp.sys => Invisible on the disk
ADDRESS : 0x05DD7000
SIZE    : 104.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\swenum.sys => Invisible on the disk
ADDRESS : 0x04632000
SIZE    : 8.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\ks.sys => Invisible on the disk
ADDRESS : 0x04826000
SIZE    : 268.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\umbus.sys => Invisible on the disk
ADDRESS : 0x05E3C000
SIZE    : 72.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\usbhub.sys => Invisible on the disk
ADDRESS : 0x03139000
SIZE    : 360.0 Ko

DRIVER  : C:\Windows\System32\Drivers\NDProxy.SYS => Invisible on the disk
ADDRESS : 0x04C00000
SIZE    : 84.0 Ko

DRIVER  : C:\Windows\system32\drivers\RTKVHD64.sys => Invisible on the disk
ADDRESS : 0x06ABA000
SIZE    : 2.93 Mo

DRIVER  : C:\Windows\system32\drivers\portcls.sys => Invisible on the disk
ADDRESS : 0x06DA7000
SIZE    : 244.0 Ko

DRIVER  : C:\Windows\system32\drivers\drmk.sys => Invisible on the disk
ADDRESS : 0x06A00000
SIZE    : 136.0 Ko

DRIVER  : C:\Windows\system32\drivers\ksthunk.sys => Invisible on the disk
ADDRESS : 0x06A22000
SIZE    : 24.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\IntcDAud.sys => Invisible on the disk
ADDRESS : 0x06A28000
SIZE    : 332.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\asmthub3.sys => Invisible on the disk
ADDRESS : 0x06A7B000
SIZE    : 144.0 Ko

DRIVER  : C:\Windows\System32\win32k.sys => Invisible on the disk
ADDRESS : 0x00080000
SIZE    : 3.08 Mo

DRIVER  : C:\Windows\System32\drivers\Dxapi.sys => Invisible on the disk
ADDRESS : 0x06A9F000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\System32\Drivers\crashdmp.sys => Invisible on the disk
ADDRESS : 0x06AAB000
SIZE    : 56.0 Ko

DRIVER  : C:\Windows\System32\Drivers\dump_iaStor.sys => Invisible on the disk
ADDRESS : 0x0404D000
SIZE    : 3.60 Mo

DRIVER  : C:\Windows\System32\Drivers\dump_dumpfve.sys => Invisible on the disk
ADDRESS : 0x06DE4000
SIZE    : 76.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\usbccgp.sys => Invisible on the disk
ADDRESS : 0x04C15000
SIZE    : 116.0 Ko

DRIVER  : C:\Windows\System32\Drivers\usbvideo.sys => Invisible on the disk
ADDRESS : 0x04869000
SIZE    : 184.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\hidusb.sys => Invisible on the disk
ADDRESS : 0x04634000
SIZE    : 56.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\HIDCLASS.SYS => Invisible on the disk
ADDRESS : 0x03193000
SIZE    : 100.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\HIDPARSE.SYS => Invisible on the disk
ADDRESS : 0x06DF7000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\mouhid.sys => Invisible on the disk
ADDRESS : 0x061F1000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\monitor.sys => Invisible on the disk
ADDRESS : 0x05DF1000
SIZE    : 56.0 Ko

DRIVER  : C:\Windows\System32\TSDDD.dll => Invisible on the disk
ADDRESS : 0x00580000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\System32\cdd.dll => Invisible on the disk
ADDRESS : 0x00670000
SIZE    : 156.0 Ko

DRIVER  : C:\Windows\system32\drivers\luafv.sys => Invisible on the disk
ADDRESS : 0x031AC000
SIZE    : 140.0 Ko

DRIVER  : C:\Windows\system32\drivers\WudfPf.sys => Invisible on the disk
ADDRESS : 0x031CF000
SIZE    : 132.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\lltdio.sys => Invisible on the disk
ADDRESS : 0x03000000
SIZE    : 84.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\nwifi.sys => Invisible on the disk
ADDRESS : 0x03015000
SIZE    : 332.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\ndisuio.sys => Invisible on the disk
ADDRESS : 0x03068000
SIZE    : 76.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\rspndr.sys => Invisible on the disk
ADDRESS : 0x03E8D000
SIZE    : 96.0 Ko

DRIVER  : C:\Windows\system32\drivers\HTTP.sys => Invisible on the disk
ADDRESS : 0x02EB4000
SIZE    : 804.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\bowser.sys => Invisible on the disk
ADDRESS : 0x02F7D000
SIZE    : 120.0 Ko

DRIVER  : C:\Windows\System32\drivers\mpsdrv.sys => Invisible on the disk
ADDRESS : 0x02F9B000
SIZE    : 96.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\mrxsmb.sys => Invisible on the disk
ADDRESS : 0x02FB3000
SIZE    : 180.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\mrxsmb10.sys => Invisible on the disk
ADDRESS : 0x02E00000
SIZE    : 312.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\mrxsmb20.sys => Invisible on the disk
ADDRESS : 0x02E4E000
SIZE    : 144.0 Ko

DRIVER  : C:\Windows\system32\drivers\peauth.sys => Invisible on the disk
ADDRESS : 0x04AB9000
SIZE    : 664.0 Ko

DRIVER  : C:\Windows\System32\Drivers\secdrv.SYS => Invisible on the disk
ADDRESS : 0x04B5F000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\srvnet.sys => Invisible on the disk
ADDRESS : 0x04B6A000
SIZE    : 196.0 Ko

DRIVER  : C:\Windows\System32\drivers\tcpipreg.sys => Invisible on the disk
ADDRESS : 0x04B9B000
SIZE    : 72.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\srv2.sys => Invisible on the disk
ADDRESS : 0x04A00000
SIZE    : 420.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\srv.sys => Invisible on the disk
ADDRESS : 0x06EFE000
SIZE    : 608.0 Ko

DRIVER  : C:\Windows\System32\Drivers\fastfat.SYS => Invisible on the disk
ADDRESS : 0x06F96000
SIZE    : 216.0 Ko

DRIVER  : C:\Windows\System32\Drivers\NAVx64\1308000.00E\SRTSP64.SYS => Invisible on the disk
ADDRESS : 0x09A45000
SIZE    : 764.0 Ko

DRIVER  : C:\Windows\System32\smss.exe => Invisible on the disk
ADDRESS : 0x48300000
SIZE    : 128.0 Ko

BCD EmsSettings {0CE4991B-E6B3-4B16-B23C-5E0D9250E5D9} => BcdLibraryBoolean_EmsEnabled (16000020)

SystemStartOptions :  NOEXECUTE=OPTIN

________________________________________________________________________________

_______MBR   \Device\Harddisk0\DR0  

0x00000000   33 C0 8E D0 BC 00 7C 8E C0 8E D8 BE 00 7C BF 00   3.м.|..ؾ.|.
0x00000010   06 B9 00 02 FC F3 A4 50 68 1C 06 CB FB B9 04 00   ...Ph....
0x00000020   BD BE 07 80 7E 00 00 7C 0B 0F 85 0E 01 83 C5 10   ..~..|.......
0x00000030   E2 F1 CD 18 88 56 00 55 C6 46 11 05 C6 46 10 00   ..V.UF..F..
0x00000040   B4 41 BB AA 55 CD 13 5D 72 0F 81 FB 55 AA 75 09   AU.]r..Uu.
0x00000050   F7 C1 01 00 74 03 FE 46 10 66 60 80 7E 10 00 74   ..t.F.f`.~..t
0x00000060   26 66 68 00 00 00 00 66 FF 76 08 68 00 00 68 00   &fh....f.v.h..h.
0x00000070   7C 68 01 00 68 10 00 B4 42 8A 56 00 8B F4 CD 13   |h..h..B.V...
0x00000080   9F 83 C4 10 9E EB 14 B8 01 02 BB 00 7C 8A 56 00   ........|.V.
0x00000090   8A 76 01 8A 4E 02 8A 6E 03 CD 13 66 61 73 1C FE   .v..N..n..fas.
0x000000A0   4E 11 75 0C 80 7E 00 80 0F 84 8A 00 B2 80 EB 84   N.u..~........
0x000000B0   55 32 E4 8A 56 00 CD 13 5D EB 9E 81 3E FE 7D 55   U2.V..]..>}U
0x000000C0   AA 75 6E FF 76 00 E8 8D 00 75 17 FA B0 D1 E6 64   un.v...u.d
0x000000D0   E8 83 00 B0 DF E6 60 E8 7C 00 B0 FF E6 64 E8 75   ..`|..du
0x000000E0   00 FB B8 00 BB CD 1A 66 23 C0 75 3B 66 81 FB 54   ...f#u;f.T
0x000000F0   43 50 41 75 32 81 F9 02 01 72 2C 66 68 07 BB 00   CPAu2...r,fh..
0x00000100   00 66 68 00 02 00 00 66 68 08 00 00 00 66 53 66   .fh....fh....fSf
0x00000110   53 66 55 66 68 00 00 00 00 66 68 00 7C 00 00 66   SfUfh....fh.|..f
0x00000120   61 68 00 00 07 CD 1A 5A 32 F6 EA 00 7C 00 00 CD   ah....Z2.|..
0x00000130   18 A0 B7 07 EB 08 A0 B6 07 EB 03 A0 B5 07 32 E4   .........2
0x00000140   05 00 07 8B F0 AC 3C 00 74 09 BB 07 00 B4 0E CD   ....<.t....
0x00000150   10 EB F2 F4 EB FD 2B C9 E4 64 EB 00 24 02 E0 F8   .+d.$.
0x00000160   24 02 C3 49 6E 76 61 6C 69 64 20 70 61 72 74 69   $.Invalid parti
0x00000170   74 69 6F 6E 20 74 61 62 6C 65 00 45 72 72 6F 72   tion table.Error
0x00000180   20 6C 6F 61 64 69 6E 67 20 6F 70 65 72 61 74 69    loading operati
0x00000190   6E 67 20 73 79 73 74 65 6D 00 4D 69 73 73 69 6E   ng system.Missin
0x000001A0   67 20 6F 70 65 72 61 74 69 6E 67 20 73 79 73 74   g operating syst
0x000001B0   65 6D 00 00 00 63 7B 9A 4B 2A 10 E3 00 00 00 20   em...c{.K*.... 
0x000001C0   21 00 1C FE FF FF 00 08 00 00 00 00 20 03 80 FE   !.......... ..
0x000001D0   FF FF 07 FE FF FF 00 08 20 03 00 E0 A0 0F 00 FE   ....... .....
0x000001E0   FF FF 07 FE FF FF 00 E8 C0 12 00 F8 81 12 00 00   ............
0x000001F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA   ..............U

__________________________16_BIT_ASM_CODE
   
0x0000    33c0            XOR AX, AX   
0x0002    8ed0            MOV SS, AX   
0x0004    bc 007c         MOV SP, 0x7c00   
0x0007    8ec0            MOV ES, AX   
0x0009    8ed8            MOV DS, AX   
0x000B    be 007c         MOV SI, 0x7c00   
0x000E    bf 0006         MOV DI, 0x600   
0x0011    b9 0002         MOV CX, 0x200   
0x0014    fc              CLD   
0x0015    f3 a4           REP MOVSB   
0x0017    50              PUSH AX   
0x0018    68 1c06         PUSH 0x61c   
0x001B    cb              RETF   
0x001C    fb              STI   
0x001D    b9 0400         MOV CX, 0x4   
0x0020    bd be07         MOV BP, 0x7be   
0x0023    807e 00 00      CMP BYTE [BP+0x0], 0x0   
0x0027    7c 0b           JL 0x34   
0x0029    0f85 0e01       JNZ 0x13b   
0x002D    83c5 10         ADD BP, 0x10   
0x0030    e2 f1           LOOP 0x23   
0x0032    cd 18           INT 0x18   
0x0034    8856 00         MOV [BP+0x0], DL   
0x0037    55              PUSH BP   
0x0038    c646 11 05      MOV BYTE [BP+0x11], 0x5   
0x003C    c646 10 00      MOV BYTE [BP+0x10], 0x0   
0x0040    b4 41           MOV AH, 0x41   
0x0042    bb aa55         MOV BX, 0x55aa   
0x0045    cd 13           INT 0x13   
0x0047    5d              POP BP   
0x0048    72 0f           JB 0x59   
0x004A    81fb 55aa       CMP BX, 0xaa55   
0x004E    75 09           JNZ 0x59   
0x0050    f7c1 0100       TEST CX, 0x1   
0x0054    74 03           JZ 0x59   
0x0056    fe46 10         INC BYTE [BP+0x10]   
0x0059    66 60           PUSHAD   
0x005B    807e 10 00      CMP BYTE [BP+0x10], 0x0   
0x005F    74 26           JZ 0x87   
0x0061    66 68 00000000  PUSH 0x0   
0x0067    66 ff76 08      PUSH DWORD [BP+0x8]   
0x006B    68 0000         PUSH 0x0   
0x006E    68 007c         PUSH 0x7c00   
0x0071    68 0100         PUSH 0x1   
0x0074    68 1000         PUSH 0x10   
0x0077    b4 42           MOV AH, 0x42   
0x0079    8a56 00         MOV DL, [BP+0x0]   
0x007C    8bf4            MOV SI, SP   
0x007E    cd 13           INT 0x13   
0x0080    9f              LAHF   
0x0081    83c4 10         ADD SP, 0x10   
0x0084    9e              SAHF   
0x0085    eb 14           JMP 0x9b   
0x0087    b8 0102         MOV AX, 0x201   
0x008A    bb 007c         MOV BX, 0x7c00   
0x008D    8a56 00         MOV DL, [BP+0x0]   
0x0090    8a76 01         MOV DH, [BP+0x1]   
0x0093    8a4e 02         MOV CL, [BP+0x2]   
0x0096    8a6e 03         MOV CH, [BP+0x3]   
0x0099    cd 13           INT 0x13   
0x009B    66 61           POPAD   
0x009D    73 1c           JAE 0xbb   
0x009F    fe4e 11         DEC BYTE [BP+0x11]   
0x00A2    75 0c           JNZ 0xb0   
0x00A4    807e 00 80      CMP BYTE [BP+0x0], 0x80   
0x00A8    0f84 8a00       JZ 0x136   
0x00AC    b2 80           MOV DL, 0x80   
0x00AE    eb 84           JMP 0x34   
0x00B0    55              PUSH BP   
0x00B1    32e4            XOR AH, AH   
0x00B3    8a56 00         MOV DL, [BP+0x0]   
0x00B6    cd 13           INT 0x13   
0x00B8    5d              POP BP   
0x00B9    eb 9e           JMP 0x59   
0x00BB    813e fe7d 55aa  CMP WORD [0x7dfe], 0xaa55   
0x00C1    75 6e           JNZ 0x131   
0x00C3    ff76 00         PUSH WORD [BP+0x0]   
0x00C6    e8 8d00         CALL 0x156   
0x00C9    75 17           JNZ 0xe2   
0x00CB    fa              CLI   
0x00CC    b0 d1           MOV AL, 0xd1   
0x00CE    e6 64           OUT 0x64, AL   
0x00D0    e8 8300         CALL 0x156   
0x00D3    b0 df           MOV AL, 0xdf   
0x00D5    e6 60           OUT 0x60, AL   
0x00D7    e8 7c00         CALL 0x156   
0x00DA    b0 ff           MOV AL, 0xff   
0x00DC    e6 64           OUT 0x64, AL   
0x00DE    e8 7500         CALL 0x156   
0x00E1    fb              STI   
0x00E2    b8 00bb         MOV AX, 0xbb00   
0x00E5    cd 1a           INT 0x1a   
0x00E7    66 23c0         AND EAX, EAX   
0x00EA    75 3b           JNZ 0x127   
0x00EC    66 81fb 54435041CMP EBX, 0x41504354   
0x00F3    75 32           JNZ 0x127   
0x00F5    81f9 0201       CMP CX, 0x102   
0x00F9    72 2c           JB 0x127   
0x00FB    66 68 07bb0000  PUSH 0xbb07   
0x0101    66 68 00020000  PUSH 0x200   
0x0107    66 68 08000000  PUSH 0x8   
0x010D    66 53           PUSH EBX   
0x010F    66 53           PUSH EBX   
0x0111    66 55           PUSH EBP   
0x0113    66 68 00000000  PUSH 0x0   
0x0119    66 68 007c0000  PUSH 0x7c00   
0x011F    66 61           POPAD   
0x0121    68 0000         PUSH 0x0   
0x0124    07              POP ES   
0x0125    cd 1a           INT 0x1a   
0x0127    5a              POP DX   
0x0128    32f6            XOR DH, DH   
0x012A    ea 007c 0000    JMP FAR 0x0:0x7c00   
0x012F    cd 18           INT 0x18   
0x0131    a0 b707         MOV AL, [0x7b7]   
0x0134    eb 08           JMP 0x13e   
0x0136    a0 b607         MOV AL, [0x7b6]   
0x0139    eb 03           JMP 0x13e   
0x013B    a0 b507         MOV AL, [0x7b5]   
0x013E    32e4            XOR AH, AH   
0x0140    05 0007         ADD AX, 0x700   
0x0143    8bf0            MOV SI, AX   
0x0145    ac              LODSB   
0x0146    3c 00           CMP AL, 0x0   
0x0148    74 09           JZ 0x153   
0x014A    bb 0700         MOV BX, 0x7   
0x014D    b4 0e           MOV AH, 0xe   
0x014F    cd 10           INT 0x10   
0x0151    eb f2           JMP 0x145   
0x0153    f4              HLT   
0x0154    eb fd           JMP 0x153   
0x0156    2bc9            SUB CX, CX   
0x0158    e4 64           IN AL, 0x64   
0x015A    eb 00           JMP 0x15c   
0x015C    24 02           AND AL, 0x2   
0x015E    e0 f8           LOOPNZ 0x158   
0x0160    24 02           AND AL, 0x2   
0x0162    c3              RET   
0x0163    49              DEC CX   
0x0164    6e              OUTSB   
0x0165    76 61           JBE 0x1c8   
0x0167    6c              INSB   
0x0168    6964 20 7061    IMUL SP, [SI+0x20], 0x6170   
0x016D    72 74           JB 0x1e3   
0x016F    6974 69 6f6e    IMUL SI, [SI+0x69], 0x6e6f   
0x0174    2074 61         AND [SI+0x61], DH   
0x0177    626c 65         BOUND BP, [SI+0x65]   
0x017A    0045 72         ADD [DI+0x72], AL   
0x017D    72 6f           JB 0x1ee   
0x017F    72 20           JB 0x1a1   
0x0181    6c              INSB   
0x0182    6f              OUTSW   
0x0183    61              POPA   
0x0184    64 696e 67 206f IMUL BP, FS:[BP+0x67], 0x6f20   
0x018A    70 65           JO 0x1f1   
0x018C    72 61           JB 0x1ef   
0x018E    74 69           JZ 0x1f9   
0x0190    6e              OUTSB   
0x0191    67 2073 79      AND [EBX+0x79], DH   
0x0195    73 74           JAE 0x20b   
0x0197    65 6d           INS WORD GS:[DI], DX   
0x0199    004d 69         ADD [DI+0x69], CL   
0x019C    73 73           JAE 0x211   
0x019E    696e 67 206f    IMUL BP, [BP+0x67], 0x6f20   
0x01A3    70 65           JO 0x20a   
0x01A5    72 61           JB 0x208   
0x01A7    74 69           JZ 0x212   
0x01A9    6e              OUTSB   
0x01AA    67 2073 79      AND [EBX+0x79], DH   
0x01AE    73 74           JAE 0x224   
0x01B0    65 6d           INS WORD GS:[DI], DX   
0x01B2    0000            ADD [BX+SI], AL   
0x01B4    0063 7b         ADD [BP+DI+0x7b], AH   
0x01B7    9a 4b2a 10e3    CALL FAR 0xe310:0x2a4b   
0x01BC    0000            ADD [BX+SI], AL   
0x01BE    0020            ADD [BX+SI], AH   
0x01C0    2100            AND [BX+SI], AX   
0x01C2    1c fe           SBB AL, 0xfe   
0x01C4    ff              DB 0xff   
0x01C5    ff00            INC WORD [BX+SI]   
0x01C7    0800            OR [BX+SI], AL   
0x01C9    0000            ADD [BX+SI], AL   
0x01CB    0020            ADD [BX+SI], AH   
0x01CD    0380 feff       ADD AX, [BX+SI-0x2]   
0x01D1    ff07            INC WORD [BX]   
0x01D3    fe              DB 0xfe   
0x01D4    ff              DB 0xff   
0x01D5    ff00            INC WORD [BX+SI]   
0x01D7    0820            OR [BX+SI], AH   
0x01D9    0300            ADD AX, [BX+SI]   
0x01DB    e0 a0           LOOPNZ 0x17d   
0x01DD    0f              DB 0xf   
0x01DE    00fe            ADD DH, BH   
0x01E0    ff              DB 0xff   
0x01E1    ff07            INC WORD [BX]   
0x01E3    fe              DB 0xfe   
0x01E4    ff              DB 0xff   
0x01E5    ff00            INC WORD [BX+SI]   
0x01E7    e8 c012         CALL 0x14aa   
0x01EA    00f8            ADD AL, BH   
0x01EC    8112 0000       ADC WORD [BP+SI], 0x0   
0x01F0    0000            ADD [BX+SI], AL   
0x01F2    0000            ADD [BX+SI], AL   
0x01F4    0000            ADD [BX+SI], AL   
0x01F6    0000            ADD [BX+SI], AL   
0x01F8    0000            ADD [BX+SI], AL   
0x01FA    0000            ADD [BX+SI], AL   
0x01FC    0000            ADD [BX+SI], AL   
0x01FE    55              PUSH BP   
0x01FF    aa              STOSB
emeraldnzl's Avatar
Computer Specs
Malware Removal Specialist with 2,328 posts.
 
Join Date: Nov 2007
Location: Auckland,N.Z.
12-Sep-2012, 09:34 PM #26
Well there is nothing leaping out at me. There are some strange files there but they seem to be related to your Ccleaner actions.

Let's do this.

Please run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :Commands
    [CreateRestorePoint]
    
    :Files
    ipconfig /flushdns /c
    netsh int ip reset c:\resetlog.txt  /c
    ipconfig /release /c
    ipconfig /renew /c
    
    :Commands
    [ResetHosts]
    [emptyflash]
    [emptyjava]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
And after that

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
So when you return please post
  • OTL.txt
  • ESET log
originaltale's Avatar
originaltale originaltale is offline
Computer Specs
Member with 21 posts.
THREAD STARTER
 
Join Date: Sep 2012
Experience: Intermediate
12-Sep-2012, 09:43 PM #27
After running OTL, two icons [the regular notepad icon plus a gear - seems familiar but I can't remember where I've seen it] popped up on my desktop, where the OTL desktop icon is. I opened them up, I'm assuming they're the logs that should pop up after the reboot.



[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21799
[LocalizedFileNames]
CyberLink Media Suite.lnk=@C:\PROGRA~2\CYBERL~1\MEDIAS~1\MUITRA~1\PSEnvRes.dll,-110
Norton AntiVirus.lnk=@C:\PROGRA~2\NORTON~2\Branding\muis.dll,-101



[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769
IconResource=%SystemRoot%\system32\imageres.dll,-183
emeraldnzl's Avatar
Computer Specs
Malware Removal Specialist with 2,328 posts.
 
Join Date: Nov 2007
Location: Auckland,N.Z.
13-Sep-2012, 12:24 AM #28
Something funny there.

Did you have Norton disabled before running OTL?

If not try it with Norton disabled or in Safe Mode.
originaltale's Avatar
originaltale originaltale is offline
Computer Specs
Member with 21 posts.
THREAD STARTER
 
Join Date: Sep 2012
Experience: Intermediate
13-Sep-2012, 07:14 PM #29
No, I didn't disable Norton before running.
I'll rerun OTL.

Also, I haven't gotten the chance to run ESET, I ran it yesterday night but my computer shut down halfway through because of an 'error' [on a blue screen] and it was too late to run another scan.
It detected 5 threats/infected files, those were all 'Win32' files. Not sure if they've been removed or not, planning to rerun the scanner today.
emeraldnzl's Avatar
Computer Specs
Malware Removal Specialist with 2,328 posts.
 
Join Date: Nov 2007
Location: Auckland,N.Z.
13-Sep-2012, 07:28 PM #30
Okie dokie. Look forward to seeing your scan results.
As Seen On

BBC, Reader's Digest, PC Magazine, Today Show, Money Magazine
WELCOME TO TECH SUPPORT GUY!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.


Tags
crash hard shutdown, shut down, slow access

(clock)
THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools


WELCOME
You Are Using: Server ID
Trusted Website Back to the Top ↑