
Computer Running Extremely Slow...?

Discussion in 'Virus & Other Malware Removal' started by originaltale, Sep 5, 2012.

  1. emeraldnzl (Malware Specialist)

    Hello again originaltale,

    You may have to disable your security programs to run these.

    Now

    Please download AdwCleaner from here to your desktop
    • Click on the green downward facing arrow on the right to commence download.
    • Run AdwCleaner and select Delete


    Once done, it will ask to reboot; allow this.
    On reboot a log will be produced; please attach that.

    Next

    Please download Malwarebytes' Anti-Malware from Here

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy & Paste the entire report in your next reply.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

    So when you return please post
    • AdwCleaner log
    • MBAM report
     
  2. originaltale (Thread Starter)

    AdwCleaner


    # AdwCleaner v2.001 - Logfile created 09/12/2012 at 13:54:10
    # Updated 09/09/2012 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Pony - PONY-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Pony\Downloads\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
    Folder Deleted : C:\ProgramData\boost_interprocess
    Folder Deleted : C:\Users\Pony\AppData\Roaming\Mozilla\Firefox\Profiles\wtvmtovv.default\extensions\[email protected]
    Folder Deleted : C:\Users\Pony\AppData\Roaming\Mozilla\Firefox\Profiles\wtvmtovv.default\extensions\staged

    ***** [Registry] *****

    Key Deleted : HKCU\Software\AVG Secure Search
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\Software\AVG Secure Search

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16421

    Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

    -\\ Mozilla Firefox v14.0.1 (en-US)

    Profile name : default
    File : C:\Users\Pony\AppData\Roaming\Mozilla\Firefox\Profiles\wtvmtovv.default\prefs.js

    Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
    Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");

    -\\ Google Chrome v21.0.1180.89

    File : C:\Users\Pony\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [1841 octets] - [12/09/2012 13:53:54]
    AdwCleaner[S1].txt - [2075 octets] - [12/09/2012 13:54:10]

    ########## EOF - C:\AdwCleaner[S1].txt - [2135 octets] ##########
     
  3. originaltale (Thread Starter)

    Malwarebytes:


    Malwarebytes Anti-Malware 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.09.12.06

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Pony :: PONY-PC [administrator]

    9/12/2012 2:08:40 PM
    mbam-log-2012-09-12 (14-08-40).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 212916
    Time elapsed: 11 minute(s), 59 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  4. emeraldnzl (Malware Specialist)

    Hello originaltale,

    Please run OTL again. Also, when you return tell me how your computer is now.

    • Close all windows and open OTL again.
    • Click Run Scan and let the program run uninterrupted
    • It will produce a log for you. Post the log here.
     
  5. originaltale (Thread Starter)

    OTL logfile created on: 9/12/2012 4:56:09 PM - Run 2
    OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\Pony\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.91 Gb Total Physical Memory | 1.32 Gb Available Physical Memory | 33.84% Memory free
    7.81 Gb Paging File | 4.77 Gb Available in Paging File | 61.11% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 125.03 Gb Total Space | 71.40 Gb Free Space | 57.10% Space Free | Partition Type: NTFS
    Drive D: | 148.06 Gb Total Space | 147.96 Gb Free Space | 99.93% Space Free | Partition Type: NTFS

    Computer Name: PONY-PC | User Name: Pony | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/09/11 19:49:28 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Pony\Desktop\OTL (1).exe
    PRC - [2012/08/13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    PRC - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/06/15 19:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton AntiVirus\Engine\19.8.0.14\ccsvchst.exe
    PRC - [2012/06/04 18:07:42 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    PRC - [2011/12/06 17:21:36 | 000,101,544 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    PRC - [2011/12/06 17:21:34 | 000,162,456 | ---- | M] (ASUSTeK) -- C:\Windows\SysWOW64\ACEngSvr.exe
    PRC - [2011/11/30 18:10:34 | 000,100,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
    PRC - [2011/11/30 18:10:32 | 000,092,800 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
    PRC - [2011/10/18 19:38:26 | 002,319,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    PRC - [2011/10/03 16:17:40 | 000,166,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    PRC - [2011/10/03 12:45:58 | 000,375,424 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
    PRC - [2011/07/21 16:49:10 | 005,716,608 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    PRC - [2010/12/20 19:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2010/12/20 19:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2010/10/07 15:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    PRC - [2010/07/09 23:45:00 | 000,984,400 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
    PRC - [2009/12/15 11:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    PRC - [2009/06/19 11:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    PRC - [2009/06/19 11:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    PRC - [2009/06/15 18:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
    PRC - [2008/12/22 18:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
    PRC - [2008/08/13 22:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/12/06 17:21:34 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
    MOD - [2007/07/12 12:11:54 | 001,163,264 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2011/03/03 17:57:58 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
    SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/09/10 16:15:29 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/08/13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
    SRV - [2012/08/02 12:36:38 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/06/15 19:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton AntiVirus\Engine\19.8.0.14\ccSvcHst.exe -- (NAV)
    SRV - [2011/11/30 18:10:32 | 000,092,800 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe -- (ASUS InstantOn)
    SRV - [2011/03/01 21:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
    SRV - [2010/12/20 19:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2010/12/20 19:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/12/15 11:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
    SRV - [2009/06/15 18:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
    SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/07/05 19:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\srtspx64.sys -- (SRTSPX)
    DRV:64bit: - [2012/07/05 19:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\srtsp64.sys -- (SRTSP)
    DRV:64bit: - [2012/06/26 21:38:30 | 000,046,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
    DRV:64bit: - [2012/06/06 21:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\ccsetx64.sys -- (ccSet_NAV)
    DRV:64bit: - [2012/05/21 18:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\symefa64.sys -- (SymEFA)
    DRV:64bit: - [2012/05/04 15:56:11 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
    DRV:64bit: - [2012/04/17 19:13:32 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\symnets.sys -- (SymNetS)
    DRV:64bit: - [2012/04/17 18:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\ironx64.sys -- (SymIRON)
    DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/11/03 03:09:48 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2011/11/03 03:09:22 | 012,310,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2011/11/03 02:41:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/11/03 02:41:46 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/10/04 00:49:32 | 002,770,944 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2011/10/03 19:48:40 | 000,394,728 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
    DRV:64bit: - [2011/10/03 19:48:38 | 000,129,512 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
    DRV:64bit: - [2011/08/15 23:51:40 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\symds64.sys -- (SymDS)
    DRV:64bit: - [2011/05/13 15:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2011/05/05 05:32:56 | 001,439,792 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2011/04/25 20:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/11/20 06:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 04:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 04:07:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/10/19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2010/08/24 02:55:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
    DRV:64bit: - [2009/07/20 02:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
    DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 13:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
    DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2008/05/23 18:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2012/09/12 13:09:23 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\VirusDefs\20120912.004\ex64.sys -- (NAVEX15)
    DRV - [2012/09/12 13:09:23 | 000,125,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\VirusDefs\20120912.004\eng64.sys -- (NAVENG)
    DRV - [2012/09/06 14:46:25 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
    DRV - [2012/09/06 04:54:30 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\IPSDefs\20120911.001\IDSviA64.sys -- (IDSVia64)
    DRV - [2012/08/31 15:09:13 | 001,385,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\BASHDefs\20120905.001\BHDrvx64.sys -- (BHDrvx64)
    DRV - [2011/09/07 10:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
    DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009/07/02 18:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=http://mail.google.com/mail/&scc=1&ltmpl=default&ltmplcache=2"
    FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.22
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Pony\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Pony\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Pony\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Pony\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Pony\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\IPSFFPlgn\ [2012/09/03 12:22:10 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/09/03 12:22:10 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/02 12:36:39 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/02 12:36:39 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2012/05/04 16:24:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pony\AppData\Roaming\Mozilla\Extensions
    [2012/09/12 16:14:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pony\AppData\Roaming\Mozilla\Firefox\Profiles\wtvmtovv.default\extensions
    [2012/08/08 18:54:40 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Pony\AppData\Roaming\Mozilla\Firefox\Profiles\wtvmtovv.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2012/09/12 16:14:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pony\AppData\Roaming\Mozilla\Firefox\Profiles\wtvmtovv.default\extensions\staged
    [2012/09/12 16:14:29 | 000,270,021 | ---- | M] () (No name found) -- C:\Users\Pony\AppData\Roaming\Mozilla\Firefox\Profiles\wtvmtovv.default\extensions\staged\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
    [2012/08/02 12:36:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/08/24 09:26:30 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2012/08/02 12:36:38 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/07/04 19:28:23 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/07/04 19:28:23 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage: http://www.gmail.com/
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
    CHR - homepage: http://www.gmail.com/
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Pony\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Pony\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Pony\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Pony\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
    CHR - plugin: Skype Click to Call (Enabled) = C:\Users\Pony\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\npSkypeChromePlugin.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Pony\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Pony\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - plugin: Zeon Plus (Enabled) = C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
    CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
    CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
    CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
    CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
    CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    CHR - plugin: Unity Player (Enabled) = C:\Users\Pony\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
    CHR - Extension: Magic Actions for YouTube™ = C:\Users\Pony\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif\5.4_0\
    CHR - Extension: BeFunky Photo Editor = C:\Users\Pony\AppData\Local\Google\Chrome\User Data\Default\Extensions\apfkepiiddolifkgjmfdgpnipgnfejab\1.1_0\
    CHR - Extension: Turn Off the Lights = C:\Users\Pony\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.1.0.6_0\
    CHR - Extension: WOT = C:\Users\Pony\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.3.1_0\
    CHR - Extension: YouTube = C:\Users\Pony\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Look of Disapproval = C:\Users\Pony\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmomlddchhdnchpieaalgkpgaafohlbn\2.3.5_0\
    CHR - Extension: Google Search = C:\Users\Pony\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: WOT Safe Search = C:\Users\Pony\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddcihbboebboehpkkdfdkhbodacmmfkk\2_0\
    CHR - Extension: Ponyhoof = C:\Users\Pony\AppData\Local\Google\Chrome\User Data\Default\Extensions\efjjgphedlaihnlgaibiaihhmhaejjdd\1.331_0\
    CHR - Extension: Edit This Cookie = C:\Users\Pony\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg\1.1.10_0\
    CHR - Extension: Derpy Hooves = C:\Users\Pony\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbakoljpekdcimmdboclmaochbmmgbdk\1_0\
    CHR - Extension: Pixlr Editor = C:\Users\Pony\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmaknaampgiegkcjlimdiidlhopknpk\1.2_0\
    CHR - Extension: iPiccy Photo Editor = C:\Users\Pony\AppData\Local\Google\Chrome\User Data\Default\Extensions\imokeandodnlammaoenbgcnbhigjbpjh\1.1_0\
    CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Pony\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
    CHR - Extension: Skype Click to Call = C:\Users\Pony\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\
    CHR - Extension: Ghostery = C:\Users\Pony\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\4.0.0_0\
    CHR - Extension: cats. = C:\Users\Pony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdfklfdfahcjkkkogigggbfhbojcnhgb\0.22_0\
    CHR - Extension: Gmail = C:\Users\Pony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\19.8.0.14\ips\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
    O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
    O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme)
    O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
    O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
    O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
    O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUS)
    O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
    O4 - HKCU..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe ()
    O4 - Startup: C:\Users\Pony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk = C:\Users\Pony\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D4EACD5-6302-453F-B2B7-2DBAC18AB8CF}: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F1EEA2DE-D5A7-4AB4-B7C9-06F790159DDD}: DhcpNameServer = 199.96.34.33 199.96.34.34
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/09/11 20:57:38 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
    [2012/09/11 20:57:29 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
    [2012/09/11 20:57:24 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
    [2012/09/11 20:57:24 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
    [2012/09/11 19:49:38 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Pony\Desktop\OTL (1).exe
    [2012/09/11 19:11:58 | 000,000,000 | -HSD | C] -- C:\found.001
    [2012/09/11 11:33:49 | 000,000,000 | -HSD | C] -- C:\found.000
    [2012/09/10 12:21:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
    [2012/09/10 12:20:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Device Center
    [2012/09/05 19:38:00 | 000,000,000 | ---D | C] -- C:\Users\Pony\AppData\Roaming\QuickScan
    [2012/09/04 21:16:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    [2012/09/04 21:16:48 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2012/09/02 17:50:39 | 000,000,000 | ---D | C] -- C:\Users\Pony\Documents\Electronic Arts
    [2012/09/02 17:17:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
    [2012/09/02 17:17:44 | 000,000,000 | ---D | C] -- C:\Users\Pony\AppData\Roaming\Origin
    [2012/09/02 17:17:36 | 000,000,000 | ---D | C] -- C:\Users\Pony\AppData\Local\Origin
    [2012/09/02 17:08:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
    [2012/09/02 17:08:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
    [2012/09/02 17:08:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
    [2012/09/02 16:45:36 | 000,000,000 | ---D | C] -- C:\Users\Pony\AppData\Roaming\uTorrent
    [2012/08/29 21:23:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Stardock
    [2012/08/27 18:24:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab
    [2012/08/27 18:24:50 | 000,000,000 | ---D | C] -- C:\Users\Pony\AppData\Roaming\SystemRequirementsLab
    [2012/08/25 13:31:22 | 000,000,000 | ---D | C] -- C:\Users\Pony\Documents\Stories
    [2012/08/25 13:27:31 | 000,000,000 | ---D | C] -- C:\Users\Pony\AppData\Local\Amazon
    [2012/08/25 13:27:12 | 000,101,680 | ---- | C] (Amazon.com, Inc.) -- C:\Windows\SysNative\stkMonitor.dll
    [2012/08/22 10:53:26 | 000,000,000 | ---D | C] -- C:\Users\Pony\Documents\Amazon Music Importer
    [2012/08/20 21:55:56 | 000,000,000 | ---D | C] -- C:\Users\Pony\Documents\Mangas
    [2012/08/20 10:58:18 | 000,000,000 | ---D | C] -- C:\Users\Pony\Documents\Fonts
    [2012/08/14 22:58:32 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2012/08/14 22:58:32 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2012/08/14 22:58:32 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2012/08/14 22:58:31 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2012/08/14 22:58:31 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
    [2012/08/14 22:58:31 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2012/08/14 22:58:31 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2012/08/14 22:58:31 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2012/08/14 22:58:30 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2012/08/14 22:58:30 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2012/08/14 22:58:30 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2012/08/14 22:58:29 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2012/08/14 22:58:29 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2012/08/14 22:50:08 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
    [2012/08/14 22:50:00 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
    [2012/08/14 22:50:00 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
    [2012/08/14 22:50:00 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
    [2012/08/14 22:47:55 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
    [2012/08/14 22:47:55 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
    [2012/08/14 22:47:55 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
    [2012/08/14 22:47:48 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll

    ========== Files - Modified Within 30 Days ==========

    [2012/09/12 17:05:04 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/09/12 17:01:18 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1715406819-2490588037-262294959-1001UA.job
    [2012/09/12 16:52:04 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/09/12 16:41:19 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/09/12 16:41:19 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/09/12 16:34:49 | 000,000,919 | ---- | M] () -- C:\Users\Pony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk
    [2012/09/12 16:34:24 | 000,045,056 | ---- | M] () -- C:\Windows\SysWow64\acovcnt.exe
    [2012/09/12 16:34:21 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/09/12 16:34:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/09/12 16:34:02 | 3145,826,304 | -HS- | M] () -- C:\hiberfil.sys
    [2012/09/12 15:00:20 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1715406819-2490588037-262294959-1001Core.job
    [2012/09/12 12:50:15 | 000,794,214 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/09/12 12:50:15 | 000,671,730 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/09/12 12:50:15 | 000,124,966 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/09/12 12:44:30 | 003,319,493 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\Cat.DB
    [2012/09/11 19:49:28 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Pony\Desktop\OTL (1).exe
    [2012/09/11 18:12:38 | 000,000,512 | ---- | M] () -- C:\Users\Pony\Documents\MBR.dat
    [2012/09/10 18:00:39 | 000,001,873 | ---- | M] () -- C:\Users\Pony\Desktop\IMVU.lnk
    [2012/09/10 16:15:29 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2012/09/10 16:15:29 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2012/09/10 16:12:27 | 000,413,344 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/09/10 12:21:00 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf
    [2012/09/05 19:49:31 | 000,842,837 | ---- | M] () -- C:\Users\Pony\AppData\Local\census.cache
    [2012/09/05 19:48:41 | 000,109,240 | ---- | M] () -- C:\Users\Pony\AppData\Local\ars.cache
    [2012/09/05 19:35:51 | 000,000,036 | ---- | M] () -- C:\Users\Pony\AppData\Local\housecall.guid.cache
    [2012/09/05 18:46:51 | 000,000,360 | ---- | M] () -- C:\Users\Pony\Documents\cc_20120905_184638.reg
    [2012/09/05 18:34:17 | 000,002,272 | ---- | M] () -- C:\{6A4F6AD1-A973-48E1-A763-918E348283AB}
    [2012/09/05 18:34:13 | 000,022,928 | ---- | M] () -- C:\{D27BA721-5E77-4325-96CE-3448C2F7FE50}
    [2012/09/05 16:54:29 | 000,000,360 | ---- | M] () -- C:\Users\Pony\Documents\cc_20120905_165424.reg
    [2012/09/05 14:41:14 | 000,000,360 | ---- | M] () -- C:\Users\Pony\Documents\cc_20120905_144105.reg
    [2012/09/04 21:19:10 | 000,007,342 | ---- | M] () -- C:\Users\Pony\Documents\cc_20120904_211908.reg
    [2012/09/04 21:18:56 | 000,099,488 | ---- | M] () -- C:\Users\Pony\Documents\cc_20120904_211845.reg
    [2012/09/04 21:16:49 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2012/09/04 20:16:41 | 000,002,447 | ---- | M] () -- C:\Users\Pony\Desktop\Google Chrome.lnk
    [2012/09/03 13:06:54 | 000,002,272 | ---- | M] () -- C:\{FB48D830-37B4-47B1-AE6A-2F3750413A02}
    [2012/09/03 12:12:34 | 000,019,920 | ---- | M] () -- C:\bootsqm.dat
    [2012/09/01 19:50:36 | 000,037,232 | ---- | M] () -- C:\Users\Pony\AppData\Local\recently-used.xbel
    [2012/08/25 13:27:12 | 000,101,680 | ---- | M] (Amazon.com, Inc.) -- C:\Windows\SysNative\stkMonitor.dll
    [2012/08/22 11:12:40 | 000,376,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
    [2012/08/22 11:12:33 | 000,288,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
    [2012/08/22 10:53:22 | 000,001,222 | ---- | M] () -- C:\Users\Public\Desktop\Amazon Music Importer.lnk
    [2012/08/16 17:22:32 | 000,000,000 | ---- | M] () -- C:\Users\Pony\G3sessionisrunning
    [2012/08/15 13:12:48 | 000,008,942 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1308000.00E\VT20120731.038
    [2012/08/14 21:13:08 | 000,002,399 | ---- | M] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk

    ========== Files Created - No Company Name ==========

    [2012/09/11 18:12:38 | 000,000,512 | ---- | C] () -- C:\Users\Pony\Documents\MBR.dat
    [2012/09/10 12:21:00 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf
    [2012/09/05 19:49:31 | 000,842,837 | ---- | C] () -- C:\Users\Pony\AppData\Local\census.cache
    [2012/09/05 19:48:41 | 000,109,240 | ---- | C] () -- C:\Users\Pony\AppData\Local\ars.cache
    [2012/09/05 19:35:51 | 000,000,036 | ---- | C] () -- C:\Users\Pony\AppData\Local\housecall.guid.cache
    [2012/09/05 18:46:48 | 000,000,360 | ---- | C] () -- C:\Users\Pony\Documents\cc_20120905_184638.reg
    [2012/09/05 18:34:17 | 000,002,272 | ---- | C] () -- C:\{6A4F6AD1-A973-48E1-A763-918E348283AB}
    [2012/09/05 18:34:13 | 000,022,928 | ---- | C] () -- C:\{D27BA721-5E77-4325-96CE-3448C2F7FE50}
    [2012/09/05 16:54:27 | 000,000,360 | ---- | C] () -- C:\Users\Pony\Documents\cc_20120905_165424.reg
    [2012/09/05 14:41:08 | 000,000,360 | ---- | C] () -- C:\Users\Pony\Documents\cc_20120905_144105.reg
    [2012/09/04 21:19:09 | 000,007,342 | ---- | C] () -- C:\Users\Pony\Documents\cc_20120904_211908.reg
    [2012/09/04 21:18:48 | 000,099,488 | ---- | C] () -- C:\Users\Pony\Documents\cc_20120904_211845.reg
    [2012/09/04 21:16:49 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2012/09/03 13:06:54 | 000,002,272 | ---- | C] () -- C:\{FB48D830-37B4-47B1-AE6A-2F3750413A02}
    [2012/09/03 12:12:34 | 000,019,920 | ---- | C] () -- C:\bootsqm.dat
    [2012/09/01 19:50:36 | 000,037,232 | ---- | C] () -- C:\Users\Pony\AppData\Local\recently-used.xbel
    [2012/08/22 10:53:22 | 000,001,234 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon Music Importer.lnk
    [2012/08/22 10:53:22 | 000,001,222 | ---- | C] () -- C:\Users\Public\Desktop\Amazon Music Importer.lnk
    [2012/08/13 11:40:55 | 000,000,000 | ---- | C] () -- C:\Users\Pony\G3sessionisrunning
    [2012/08/13 11:40:53 | 000,000,243 | ---- | C] () -- C:\Users\Pony\dsj.xml
    [2012/06/17 18:00:47 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
    [2012/06/17 18:00:47 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
    [2012/05/24 17:39:16 | 000,005,632 | ---- | C] () -- C:\Users\Pony\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/05/12 11:43:37 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
    [2012/02/27 15:13:51 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\acovcnt.exe
    [2011/12/21 00:47:52 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
    [2011/12/21 00:47:01 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
    [2011/12/21 00:46:42 | 000,217,536 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
    [2011/12/21 00:46:39 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
    [2011/12/21 00:46:37 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
    [2011/12/21 00:46:36 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
    [2011/11/03 03:19:25 | 004,501,562 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:F591490A

    < End of report >
     
  6. emeraldnzl

    emeraldnzl Malware Specialist

    Joined:
    Nov 3, 2007
    Messages:
    2,570
    Hello originaltale,

    Question: these look like reg files; do you know what they are?

    C:\Users\Pony\Documents\cc_20120905_184638.reg
    C:\Users\Pony\Documents\cc_20120905_165424.reg
    C:\Users\Pony\Documents\cc_20120905_144105.reg
    C:\Users\Pony\Documents\cc_20120904_211908.reg
    C:\Users\Pony\Documents\cc_20120904_211845.reg


    Also, my question from my last post: how is your computer? Has there been any change in its performance?
     
  7. originaltale

    originaltale Thread Starter

    Joined:
    Sep 5, 2012
    Messages:
    21
    Those are my CCleaner backup files...
    Eh, I didn't know I saved that many...
     
  8. originaltale

    originaltale Thread Starter

    Joined:
    Sep 5, 2012
    Messages:
    21
    Oh and, no, there has not been much change in performance.
     
  9. emeraldnzl

    emeraldnzl Malware Specialist

    Joined:
    Nov 3, 2007
    Messages:
    2,570
    Please download MbrScan to your desktop

    • Run MbrScan
    • Place a tick in the asm Code box just below the report button
    • Then press the report button
    Copy and paste the generated report to your next post please
     
  10. originaltale

    originaltale Thread Starter

    Joined:
    Sep 5, 2012
    Messages:
    21
    Code:
    MBRScan v1.1.1
    
    OS             : Windows 7 Service Pack 1 (64 bit)
    PROCESSOR      : Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
    BOOT           : Normal Boot
    DATE           : 2012/09/12 (ISO 8601) at 18:06:04
    ________________________________________________________________________________
    
    DISK           : Device\Harddisk0\DR0 __WDC WD32 00BPVT-80JJ5 (01.0)
    BUS_TYPE       : (0x03)  P-ATA
    USE_PIO        : NO
    MAX_TRANSFER   : 128 Kb
    ALIGNMENT_MASK : word aligned
    ________________________________________________________________________________
    
    Device\Harddisk0\DR0	298.1 Go  [Fixed] ==> 7 MBR Code .
    
    MBR_MD5   : 5F7DB7D1829F2F70D0840CCC08AEE004
    MBR_SHA1  : B0ED10F26367387869EC0846CFAA488F196F3113
    
    Device\Harddisk0\Partition1	25.00 Go  	0x1C Hidden FAT32 [LBA] 
    Device\Harddisk0\Partition2	125.0 Go  	0x07 NTFS / HPFS __ BOOTABLE __
    Device\Harddisk0\Partition3	148.1 Go  	0x07 NTFS / HPFS
    ________________________________________________________________________________
    
    ############################### Additional scan ################################
    
    DRIVER  : C:\Windows\system32\hal.dll => Invisible on the disk
    ADDRESS : 0x0300B000
    SIZE    : 292.0 Ko
    
    DRIVER  : C:\Windows\system32\kdcom.dll => Invisible on the disk
    ADDRESS : 0x00BCE000
    SIZE    : 40.0 Ko
    
    DRIVER  : C:\Windows\system32\mcupdate_GenuineIntel.dll => Invisible on the disk
    ADDRESS : 0x00CEB000
    SIZE    : 316.0 Ko
    
    DRIVER  : C:\Windows\system32\CLFS.SYS => Invisible on the disk
    ADDRESS : 0x00D4E000
    SIZE    : 376.0 Ko
    
    DRIVER  : C:\Windows\system32\CI.dll => Invisible on the disk
    ADDRESS : 0x00C00000
    SIZE    : 768.0 Ko
    
    DRIVER  : C:\Windows\system32\drivers\Wdf01000.sys => Invisible on the disk
    ADDRESS : 0x00EE5000
    SIZE    : 656.0 Ko
    
    DRIVER  : C:\Windows\system32\drivers\WDFLDR.SYS => Invisible on the disk
    ADDRESS : 0x00F89000
    SIZE    : 60.0 Ko
    
    DRIVER  : C:\Windows\system32\drivers\ACPI.sys => Invisible on the disk
    ADDRESS : 0x00F98000
    SIZE    : 348.0 Ko
    
    DRIVER  : C:\Windows\system32\drivers\WMILIB.SYS => Invisible on the disk
    ADDRESS : 0x00FEF000
    SIZE    : 36.0 Ko
    
    DRIVER  : C:\Windows\system32\drivers\msisadrv.sys => Invisible on the disk
    ADDRESS : 0x00E00000
    SIZE    : 40.0 Ko
    
    DRIVER  : C:\Windows\system32\drivers\pci.sys => Invisible on the disk
    ADDRESS : 0x00E0A000
    SIZE    : 204.0 Ko
    
    DRIVER  : C:\Windows\system32\drivers\vdrvroot.sys => Invisible on the disk
    ADDRESS : 0x00E3D000
    SIZE    : 52.0 Ko
    
    DRIVER  : C:\Windows\System32\drivers\partmgr.sys => Invisible on the disk
    ADDRESS : 0x00E4A000
    SIZE    : 84.0 Ko
    
    DRIVER  : C:\Windows\system32\drivers\compbatt.sys => Invisible on the disk
    ADDRESS : 0x00E5F000
    SIZE    : 36.0 Ko
    
    DRIVER  : C:\Windows\system32\drivers\BATTC.SYS => Invisible on the disk
    ADDRESS : 0x00E68000
    SIZE    : 48.0 Ko
    
    DRIVER  : C:\Windows\system32\drivers\volmgr.sys => Invisible on the disk
    ADDRESS : 0x00E74000
    SIZE    : 84.0 Ko
    
    DRIVER  : C:\Windows\System32\drivers\volmgrx.sys => Invisible on the disk
    ADDRESS : 0x00E89000
    SIZE    : 368.0 Ko
    
    DRIVER  : C:\Windows\system32\drivers\pciide.sys => Invisible on the disk
    ADDRESS : 0x00FF8000
    SIZE    : 28.0 Ko
    
    DRIVER  : C:\Windows\system32\drivers\PCIIDEX.SYS => Invisible on the disk
    ADDRESS : 0x00CC0000
    SIZE    : 64.0 Ko
    
    DRIVER  : C:\Windows\System32\drivers\mountmgr.sys => Invisible on the disk
    ADDRESS : 0x00CD0000
    SIZE    : 104.0 Ko
    
    DRIVER  : C:\Windows\system32\DRIVERS\iaStor.sys => Invisible on the disk
    ADDRESS : 0x0103B000
    SIZE    : 3.60 Mo
    
    DRIVER  : C:\Windows\system32\drivers\atapi.sys => Invisible on the disk
    ADDRESS : 0x013D5000
    SIZE    : 36.0 Ko
    
    DRIVER  : C:\Windows\system32\drivers\ataport.SYS => Invisible on the disk
    ADDRESS : 0x01000000
    SIZE    : 168.0 Ko
    
    DRIVER  : C:\Windows\system32\drivers\msahci.sys => Invisible on the disk
    ADDRESS : 0x0102A000
    SIZE    : 44.0 Ko
    
    DRIVER  : C:\Windows\system32\drivers\amdxata.sys => Invisible on the disk
    ADDRESS : 0x013DE000
    SIZE    : 44.0 Ko
    
    DRIVER  : C:\Windows\system32\drivers\fltmgr.sys => Invisible on the disk
    ADDRESS : 0x00DAC000
    SIZE    : 304.0 Ko
    
    DRIVER  : C:\Windows\system32\drivers\NAVx64\1308000.00E\SYMDS64.SYS => Invisible on the disk
    ADDRESS : 0x014E5000
    SIZE    : 452.0 Ko
    
    DRIVER  : C:\Windows\system32\drivers\fileinfo.sys => Invisible on the disk
    ADDRESS : 0x01556000
    SIZE    : 80.0 Ko
    
    DRIVER  : C:\Windows\system32\drivers\NAVx64\1308000.00E\SYMEFA64.SYS => Invisible on the disk
    ADDRESS : 0x01632000
    SIZE    : 1.09 Mo
    
    DRIVER  : C:\Windows\System32\Drivers\Ntfs.sys => Invisible on the disk
    ADDRESS : 0x0182B000
    SIZE    : 1.64 Mo
    
    DRIVER  : C:\Windows\System32\Drivers\msrpc.sys => Invisible on the disk
    ADDRESS : 0x0174A000
    SIZE    : 376.0 Ko
    
    DRIVER  : C:\Windows\System32\Drivers\ksecdd.sys => Invisible on the disk
    ADDRESS : 0x019CE000
    SIZE    : 108.0 Ko
    
    DRIVER  : C:\Windows\System32\Drivers\cng.sys => Invisible on the disk
    ADDRESS : 0x0156A000
    SIZE    : 456.0 Ko
    
    DRIVER  : C:\Windows\System32\drivers\pcw.sys => Invisible on the disk
    ADDRESS : 0x019E9000
    SIZE    : 68.0 Ko
    
    DRIVER  : C:\Windows\System32\Drivers\Fs_Rec.sys => Invisible on the disk
    ADDRESS : 0x01800000
    SIZE    : 40.0 Ko
    
    DRIVER  : C:\Windows\system32\drivers\ndis.sys => Invisible on the disk
    ADDRESS : 0x01AB0000
    SIZE    : 968.0 Ko
    
    DRIVER  : C:\Windows\system32\drivers\NETIO.SYS => Invisible on the disk
    ADDRESS : 0x01A00000
    SIZE    : 384.0 Ko
    
    DRIVER  : C:\Windows\System32\Drivers\ksecpkg.sys => Invisible on the disk
    ADDRESS : 0x01A60000
    SIZE    : 168.0 Ko
    
    DRIVER  : C:\Windows\System32\drivers\tcpip.sys => Invisible on the disk
    ADDRESS : 0x01C00000
    SIZE    : 2.00 Mo
    
    DRIVER  : C:\Windows\System32\drivers\fwpkclnt.sys => Invisible on the disk
    ADDRESS : 0x01BA2000
    SIZE    : 296.0 Ko
    
    DRIVER  : C:\Windows\system32\drivers\volsnap.sys => Invisible on the disk
    ADDRESS : 0x017A8000
    SIZE    : 304.0 Ko
    
    DRIVER  : C:\Windows\System32\Drivers\spldr.sys => Invisible on the disk
    ADDRESS : 0x01BEC000
    SIZE    : 32.0 Ko
    
    DRIVER  : C:\Windows\System32\drivers\rdyboost.sys => Invisible on the disk
    ADDRESS : 0x01400000
    SIZE    : 232.0 Ko
    
    DRIVER  : C:\Windows\System32\Drivers\mup.sys => Invisible on the disk
    ADDRESS : 0x01A8A000
    SIZE    : 72.0 Ko
    
    DRIVER  : C:\Windows\System32\drivers\hwpolicy.sys => Invisible on the disk
    ADDRESS : 0x01A9C000
    SIZE    : 36.0 Ko
    
    DRIVER  : C:\Windows\System32\DRIVERS\fvevol.sys => Invisible on the disk
    ADDRESS : 0x0143A000
    SIZE    : 232.0 Ko
    
    DRIVER  : C:\Windows\system32\drivers\disk.sys => Invisible on the disk
    ADDRESS : 0x0180A000
    SIZE    : 88.0 Ko
    
    DRIVER  : C:\Windows\system32\drivers\CLASSPNP.SYS => Invisible on the disk
    ADDRESS : 0x01600000
    SIZE    : 192.0 Ko
    
    DRIVER  : C:\Windows\system32\DRIVERS\cdrom.sys => Invisible on the disk
    ADDRESS : 0x04013000
    SIZE    : 168.0 Ko
    
    DRIVER  : C:\Windows\system32\drivers\NAVx64\1308000.00E\ccSetx64.sys => Invisible on the disk
    ADDRESS : 0x01482000
    SIZE    : 184.0 Ko
    
    DRIVER  : C:\Windows\system32\drivers\NAVx64\1308000.00E\Ironx64.SYS => Invisible on the disk
    ADDRESS : 0x014B0000
    SIZE    : 196.0 Ko
    
    DRIVER  : C:\Windows\System32\Drivers\Null.SYS => Invisible on the disk
    ADDRESS : 0x0403D000
    SIZE    : 36.0 Ko
    
    DRIVER  : C:\Windows\System32\Drivers\Beep.SYS => Invisible on the disk
    ADDRESS : 0x04046000
    SIZE    : 28.0 Ko
    
    DRIVER  : C:\Windows\System32\drivers\vga.sys => Invisible on the disk
    ADDRESS : 0x043F1000
    SIZE    : 56.0 Ko
    
    DRIVER  : C:\Windows\System32\drivers\VIDEOPRT.SYS => Invisible on the disk
    ADDRESS : 0x044A4000
    SIZE    : 148.0 Ko
    
    DRIVER  : C:\Windows\System32\drivers\watchdog.sys => Invisible on the disk
    ADDRESS : 0x044C9000
    SIZE    : 64.0 Ko
    
    DRIVER  : C:\Windows\System32\DRIVERS\RDPCDD.sys => Invisible on the disk
    ADDRESS : 0x044D9000
    SIZE    : 36.0 Ko
    
    DRIVER  : C:\Windows\system32\drivers\rdpencdd.sys => Invisible on the disk
    ADDRESS : 0x044E2000
    SIZE    : 36.0 Ko
    
    DRIVER  : C:\Windows\system32\drivers\rdprefmp.sys => Invisible on the disk
    ADDRESS : 0x044EB000
    SIZE    : 36.0 Ko
    
    DRIVER  : C:\Windows\System32\Drivers\Msfs.SYS => Invisible on the disk
    ADDRESS : 0x044F4000
    SIZE    : 44.0 Ko
    
    DRIVER  : C:\Windows\System32\Drivers\Npfs.SYS => Invisible on the disk
    ADDRESS : 0x044FF000
    SIZE    : 68.0 Ko
    
    DRIVER  : C:\Windows\system32\DRIVERS\tdx.sys => Invisible on the disk
    ADDRESS : 0x04510000
    SIZE    : 136.0 Ko
    
    DRIVER  : C:\Windows\system32\DRIVERS\TDI.SYS => Invisible on the disk
    ADDRESS : 0x04532000
    SIZE    : 52.0 Ko
    
    DRIVER  : C:\Windows\system32\drivers\afd.sys => Invisible on the disk
    ADDRESS : 0x0453F000
    SIZE    : 548.0 Ko
    
    DRIVER  : C:\Windows\System32\DRIVERS\netbt.sys => Invisible on the disk
    ADDRESS : 0x04400000
    SIZE    : 276.0 Ko
    
    DRIVER  : C:\Windows\system32\DRIVERS\wfplwf.sys => Invisible on the disk
    ADDRESS : 0x04445000
    SIZE    : 36.0 Ko
    
    DRIVER  : C:\Windows\system32\DRIVERS\pacer.sys => Invisible on the disk
    ADDRESS : 0x0444E000
    SIZE    : 152.0 Ko
    
    DRIVER  : C:\Windows\system32\DRIVERS\vwififlt.sys => Invisible on the disk
    ADDRESS : 0x04474000
    SIZE    : 88.0 Ko
    
    DRIVER  : C:\Windows\system32\DRIVERS\netbios.sys => Invisible on the disk
    ADDRESS : 0x0448A000
    SIZE    : 60.0 Ko
    
    DRIVER  : C:\Windows\system32\DRIVERS\wanarp.sys => Invisible on the disk
    ADDRESS : 0x045C8000
    SIZE    : 108.0 Ko
    
    DRIVER  : C:\Windows\system32\DRIVERS\termdd.sys => Invisible on the disk
    ADDRESS : 0x045E3000
    SIZE    : 80.0 Ko
    
    DRIVER  : C:\Windows\System32\Drivers\NAVx64\1308000.00E\SYMNETS.SYS => Invisible on the disk
    ADDRESS : 0x03EE0000
    SIZE    : 432.0 Ko
    
    DRIVER  : C:\Windows\system32\Drivers\SYMEVENT64x86.SYS => Invisible on the disk
    ADDRESS : 0x03F4C000
    SIZE    : 224.0 Ko
    
    DRIVER  : C:\Windows\system32\drivers\NAVx64\1308000.00E\SRTSPX64.SYS => Invisible on the disk
    ADDRESS : 0x03F84000
    SIZE    : 84.0 Ko
    
    DRIVER  : C:\Windows\system32\DRIVERS\rdbss.sys => Invisible on the disk
    ADDRESS : 0x03F99000
    SIZE    : 324.0 Ko
    
    DRIVER  : C:\Windows\system32\drivers\nsiproxy.sys => Invisible on the disk
    ADDRESS : 0x03FEA000
    SIZE    : 48.0 Ko
    
    DRIVER  : C:\Windows\system32\DRIVERS\mssmbios.sys => Invisible on the disk
    ADDRESS : 0x03E00000
    SIZE    : 44.0 Ko
    
    DRIVER  : C:\Windows\System32\drivers\discache.sys => Invisible on the disk
    ADDRESS : 0x030FB000
    SIZE    : 60.0 Ko
    
    DRIVER  : C:\Windows\System32\Drivers\dfsc.sys => Invisible on the disk
    ADDRESS : 0x0310A000
    SIZE    : 120.0 Ko
    
    DRIVER  : C:\Windows\system32\DRIVERS\blbdrive.sys => Invisible on the disk
    ADDRESS : 0x03128000
    SIZE    : 68.0 Ko
    
    DRIVER  : C:\Windows\system32\DRIVERS\tunnel.sys => Invisible on the disk
    ADDRESS : 0x04800000
    SIZE    : 152.0 Ko
    
    DRIVER  : C:\Windows\system32\DRIVERS\igdkmd64.sys => Invisible on the disk
    ADDRESS : 0x04C3D000
    SIZE    : 11.74 Mo
    
    DRIVER  : C:\Windows\System32\drivers\dxgkrnl.sys => Invisible on the disk
    ADDRESS : 0x05CE3000
    SIZE    : 976.0 Ko
    
    DRIVER  : C:\Windows\System32\drivers\dxgmms1.sys => Invisible on the disk
    ADDRESS : 0x05C00000
    SIZE    : 280.0 Ko
    
    DRIVER  : C:\Windows\system32\DRIVERS\HECIx64.sys => Invisible on the disk
    ADDRESS : 0x05C46000
    SIZE    : 68.0 Ko
    
    DRIVER  : C:\Windows\system32\DRIVERS\usbehci.sys => Invisible on the disk
    ADDRESS : 0x05C57000
    SIZE    : 68.0 Ko
    
    DRIVER  : C:\Windows\system32\DRIVERS\USBPORT.SYS => Invisible on the disk
    ADDRESS : 0x05C68000
    SIZE    : 344.0 Ko
    
    DRIVER  : C:\Windows\system32\DRIVERS\HDAudBus.sys => Invisible on the disk
    ADDRESS : 0x05CBE000
    SIZE    : 144.0 Ko
    
    DRIVER  : C:\Windows\system32\DRIVERS\athrx.sys => Invisible on the disk
    ADDRESS : 0x05E50000
    SIZE    : 2.66 Mo
    
    DRIVER  : C:\Windows\system32\DRIVERS\vwifibus.sys => Invisible on the disk
    ADDRESS : 0x060FA000
    SIZE    : 52.0 Ko
    
    DRIVER  : C:\Windows\system32\DRIVERS\asmtxhci.sys => Invisible on the disk
    ADDRESS : 0x06107000
    SIZE    : 400.0 Ko
    
    DRIVER  : C:\Windows\system32\DRIVERS\L1C62x64.sys => Invisible on the disk
    ADDRESS : 0x0616B000
    SIZE    : 84.0 Ko
    
    DRIVER  : C:\Windows\system32\DRIVERS\i8042prt.sys => Invisible on the disk
    ADDRESS : 0x06180000
    SIZE    : 120.0 Ko
    
    DRIVER  : C:\Windows\system32\DRIVERS\SynTP.sys => Invisible on the disk
    ADDRESS : 0x04643000
    SIZE    : 1.39 Mo
    
    DRIVER  : C:\Windows\system32\DRIVERS\USBD.SYS => Invisible on the disk
    ADDRESS : 0x047A8000
    SIZE    : 8.0 Ko
    
    DRIVER  : C:\Windows\system32\DRIVERS\mouclass.sys => Invisible on the disk
    ADDRESS : 0x047AA000
    SIZE    : 60.0 Ko
    
    DRIVER  : C:\Windows\system32\DRIVERS\kbfiltr.sys => Invisible on the disk
    ADDRESS : 0x047B9000
    SIZE    : 32.0 Ko
    
    DRIVER  : C:\Windows\system32\DRIVERS\kbdclass.sys => Invisible on the disk
    ADDRESS : 0x047C1000
    SIZE    : 60.0 Ko
    
    DRIVER  : C:\Windows\system32\DRIVERS\CmBatt.sys => Invisible on the disk
    ADDRESS : 0x047D0000
    SIZE    : 20.0 Ko
    
    DRIVER  : C:\Windows\system32\DRIVERS\intelppm.sys => Invisible on the disk
    ADDRESS : 0x047D5000
    SIZE    : 88.0 Ko
    
    DRIVER  : C:\Windows\system32\DRIVERS\wmiacpi.sys => Invisible on the disk
    ADDRESS : 0x047EB000
    SIZE    : 36.0 Ko
    
    DRIVER  : C:\Windows\system32\DRIVERS\CompositeBus.sys => Invisible on the disk
    ADDRESS : 0x04600000
    SIZE    : 64.0 Ko
    
    DRIVER  : C:\Windows\system32\DRIVERS\AgileVpn.sys => Invisible on the disk
    ADDRESS : 0x04610000
    SIZE    : 88.0 Ko
    
    DRIVER  : C:\Windows\system32\DRIVERS\rasl2tp.sys => Invisible on the disk
    ADDRESS : 0x0619E000
    SIZE    : 144.0 Ko
    
    DRIVER  : C:\Windows\system32\DRIVERS\ndistapi.sys => Invisible on the disk
    ADDRESS : 0x04626000
    SIZE    : 48.0 Ko
    
    DRIVER  : C:\Windows\system32\DRIVERS\ndiswan.sys => Invisible on the disk
    ADDRESS : 0x061C2000
    SIZE    : 188.0 Ko
    
    DRIVER  : C:\Windows\system32\DRIVERS\raspppoe.sys => Invisible on the disk
    ADDRESS : 0x05E00000
    SIZE    : 108.0 Ko
    
    DRIVER  : C:\Windows\system32\DRIVERS\raspptp.sys => Invisible on the disk
    ADDRESS : 0x05E1B000
    SIZE    : 132.0 Ko
    
    DRIVER  : C:\Windows\system32\DRIVERS\rassstp.sys => Invisible on the disk
    ADDRESS : 0x05DD7000
    SIZE    : 104.0 Ko
    
    DRIVER  : C:\Windows\system32\DRIVERS\swenum.sys => Invisible on the disk
    ADDRESS : 0x04632000
    SIZE    : 8.0 Ko
    
    DRIVER  : C:\Windows\system32\DRIVERS\ks.sys => Invisible on the disk
    ADDRESS : 0x04826000
    SIZE    : 268.0 Ko
    
    DRIVER  : C:\Windows\system32\DRIVERS\umbus.sys => Invisible on the disk
    ADDRESS : 0x05E3C000
    SIZE    : 72.0 Ko
    
    DRIVER  : C:\Windows\system32\DRIVERS\usbhub.sys => Invisible on the disk
    ADDRESS : 0x03139000
    SIZE    : 360.0 Ko
    
    DRIVER  : C:\Windows\System32\Drivers\NDProxy.SYS => Invisible on the disk
    ADDRESS : 0x04C00000
    SIZE    : 84.0 Ko
    
    DRIVER  : C:\Windows\system32\drivers\RTKVHD64.sys => Invisible on the disk
    ADDRESS : 0x06ABA000
    SIZE    : 2.93 Mo
    
    DRIVER  : C:\Windows\system32\drivers\portcls.sys => Invisible on the disk
    ADDRESS : 0x06DA7000
    SIZE    : 244.0 Ko
    
    DRIVER  : C:\Windows\system32\drivers\drmk.sys => Invisible on the disk
    ADDRESS : 0x06A00000
    SIZE    : 136.0 Ko
    
    DRIVER  : C:\Windows\system32\drivers\ksthunk.sys => Invisible on the disk
    ADDRESS : 0x06A22000
    SIZE    : 24.0 Ko
    
    DRIVER  : C:\Windows\system32\DRIVERS\IntcDAud.sys => Invisible on the disk
    ADDRESS : 0x06A28000
    SIZE    : 332.0 Ko
    
    DRIVER  : C:\Windows\system32\DRIVERS\asmthub3.sys => Invisible on the disk
    ADDRESS : 0x06A7B000
    SIZE    : 144.0 Ko
    
    DRIVER  : C:\Windows\System32\win32k.sys => Invisible on the disk
    ADDRESS : 0x00080000
    SIZE    : 3.08 Mo
    
    DRIVER  : C:\Windows\System32\drivers\Dxapi.sys => Invisible on the disk
    ADDRESS : 0x06A9F000
    SIZE    : 48.0 Ko
    
    DRIVER  : C:\Windows\System32\Drivers\crashdmp.sys => Invisible on the disk
    ADDRESS : 0x06AAB000
    SIZE    : 56.0 Ko
    
    DRIVER  : C:\Windows\System32\Drivers\dump_iaStor.sys => Invisible on the disk
    ADDRESS : 0x0404D000
    SIZE    : 3.60 Mo
    
    DRIVER  : C:\Windows\System32\Drivers\dump_dumpfve.sys => Invisible on the disk
    ADDRESS : 0x06DE4000
    SIZE    : 76.0 Ko
    
    DRIVER  : C:\Windows\system32\DRIVERS\usbccgp.sys => Invisible on the disk
    ADDRESS : 0x04C15000
    SIZE    : 116.0 Ko
    
    DRIVER  : C:\Windows\System32\Drivers\usbvideo.sys => Invisible on the disk
    ADDRESS : 0x04869000
    SIZE    : 184.0 Ko
    
    DRIVER  : C:\Windows\system32\DRIVERS\hidusb.sys => Invisible on the disk
    ADDRESS : 0x04634000
    SIZE    : 56.0 Ko
    
    DRIVER  : C:\Windows\system32\DRIVERS\HIDCLASS.SYS => Invisible on the disk
    ADDRESS : 0x03193000
    SIZE    : 100.0 Ko
    
    DRIVER  : C:\Windows\system32\DRIVERS\HIDPARSE.SYS => Invisible on the disk
    ADDRESS : 0x06DF7000
    SIZE    : 36.0 Ko
    
    DRIVER  : C:\Windows\system32\DRIVERS\mouhid.sys => Invisible on the disk
    ADDRESS : 0x061F1000
    SIZE    : 52.0 Ko
    
    DRIVER  : C:\Windows\system32\DRIVERS\monitor.sys => Invisible on the disk
    ADDRESS : 0x05DF1000
    SIZE    : 56.0 Ko
    
    DRIVER  : C:\Windows\System32\TSDDD.dll => Invisible on the disk
    ADDRESS : 0x00580000
    SIZE    : 40.0 Ko
    
    DRIVER  : C:\Windows\System32\cdd.dll => Invisible on the disk
    ADDRESS : 0x00670000
    SIZE    : 156.0 Ko
    
    DRIVER  : C:\Windows\system32\drivers\luafv.sys => Invisible on the disk
    ADDRESS : 0x031AC000
    SIZE    : 140.0 Ko
    
    DRIVER  : C:\Windows\system32\drivers\WudfPf.sys => Invisible on the disk
    ADDRESS : 0x031CF000
    SIZE    : 132.0 Ko
    
    DRIVER  : C:\Windows\system32\DRIVERS\lltdio.sys => Invisible on the disk
    ADDRESS : 0x03000000
    SIZE    : 84.0 Ko
    
    DRIVER  : C:\Windows\system32\DRIVERS\nwifi.sys => Invisible on the disk
    ADDRESS : 0x03015000
    SIZE    : 332.0 Ko
    
    DRIVER  : C:\Windows\system32\DRIVERS\ndisuio.sys => Invisible on the disk
    ADDRESS : 0x03068000
    SIZE    : 76.0 Ko
    
    DRIVER  : C:\Windows\system32\DRIVERS\rspndr.sys => Invisible on the disk
    ADDRESS : 0x03E8D000
    SIZE    : 96.0 Ko
    
    DRIVER  : C:\Windows\system32\drivers\HTTP.sys => Invisible on the disk
    ADDRESS : 0x02EB4000
    SIZE    : 804.0 Ko
    
    DRIVER  : C:\Windows\system32\DRIVERS\bowser.sys => Invisible on the disk
    ADDRESS : 0x02F7D000
    SIZE    : 120.0 Ko
    
    DRIVER  : C:\Windows\System32\drivers\mpsdrv.sys => Invisible on the disk
    ADDRESS : 0x02F9B000
    SIZE    : 96.0 Ko
    
    DRIVER  : C:\Windows\system32\DRIVERS\mrxsmb.sys => Invisible on the disk
    ADDRESS : 0x02FB3000
    SIZE    : 180.0 Ko
    
    DRIVER  : C:\Windows\system32\DRIVERS\mrxsmb10.sys => Invisible on the disk
    ADDRESS : 0x02E00000
    SIZE    : 312.0 Ko
    
    DRIVER  : C:\Windows\system32\DRIVERS\mrxsmb20.sys => Invisible on the disk
    ADDRESS : 0x02E4E000
    SIZE    : 144.0 Ko
    
    DRIVER  : C:\Windows\system32\drivers\peauth.sys => Invisible on the disk
    ADDRESS : 0x04AB9000
    SIZE    : 664.0 Ko
    
    DRIVER  : C:\Windows\System32\Drivers\secdrv.SYS => Invisible on the disk
    ADDRESS : 0x04B5F000
    SIZE    : 44.0 Ko
    
    DRIVER  : C:\Windows\System32\DRIVERS\srvnet.sys => Invisible on the disk
    ADDRESS : 0x04B6A000
    SIZE    : 196.0 Ko
    
    DRIVER  : C:\Windows\System32\drivers\tcpipreg.sys => Invisible on the disk
    ADDRESS : 0x04B9B000
    SIZE    : 72.0 Ko
    
    DRIVER  : C:\Windows\System32\DRIVERS\srv2.sys => Invisible on the disk
    ADDRESS : 0x04A00000
    SIZE    : 420.0 Ko
    
    DRIVER  : C:\Windows\System32\DRIVERS\srv.sys => Invisible on the disk
    ADDRESS : 0x06EFE000
    SIZE    : 608.0 Ko
    
    DRIVER  : C:\Windows\System32\Drivers\fastfat.SYS => Invisible on the disk
    ADDRESS : 0x06F96000
    SIZE    : 216.0 Ko
    
    DRIVER  : C:\Windows\System32\Drivers\NAVx64\1308000.00E\SRTSP64.SYS => Invisible on the disk
    ADDRESS : 0x09A45000
    SIZE    : 764.0 Ko
    
    DRIVER  : C:\Windows\System32\smss.exe => Invisible on the disk
    ADDRESS : 0x48300000
    SIZE    : 128.0 Ko
    
    BCD EmsSettings {0CE4991B-E6B3-4B16-B23C-5E0D9250E5D9} => BcdLibraryBoolean_EmsEnabled (16000020)
    
    SystemStartOptions :  NOEXECUTE=OPTIN
    
    ________________________________________________________________________________
    
    _______MBR   \Device\Harddisk0\DR0  
    
    0x00000000   33 C0 8E D0 BC 00 7C 8E C0 8E D8 BE 00 7C BF 00   3À.м.|.À.ؾ.|¿.
    0x00000010   06 B9 00 02 FC F3 A4 50 68 1C 06 CB FB B9 04 00   .¹..üó¤Ph..Ëû¹..
    0x00000020   BD BE 07 80 7E 00 00 7C 0B 0F 85 0E 01 83 C5 10   ½¾..~..|......Å.
    0x00000030   E2 F1 CD 18 88 56 00 55 C6 46 11 05 C6 46 10 00   âñÍ..V.UÆF..ÆF..
    0x00000040   B4 41 BB AA 55 CD 13 5D 72 0F 81 FB 55 AA 75 09   ´A»ªUÍ.]r..ûUªu.
    0x00000050   F7 C1 01 00 74 03 FE 46 10 66 60 80 7E 10 00 74   ÷Á..t.þF.f`.~..t
    0x00000060   26 66 68 00 00 00 00 66 FF 76 08 68 00 00 68 00   &fh....f.v.h..h.
    0x00000070   7C 68 01 00 68 10 00 B4 42 8A 56 00 8B F4 CD 13   |h..h..´B.V..ôÍ.
    0x00000080   9F 83 C4 10 9E EB 14 B8 01 02 BB 00 7C 8A 56 00   ..Ä..ë.¸..».|.V.
    0x00000090   8A 76 01 8A 4E 02 8A 6E 03 CD 13 66 61 73 1C FE   .v..N..n.Í.fas.þ
    0x000000A0   4E 11 75 0C 80 7E 00 80 0F 84 8A 00 B2 80 EB 84   N.u..~......².ë.
    0x000000B0   55 32 E4 8A 56 00 CD 13 5D EB 9E 81 3E FE 7D 55   U2ä.V.Í.]ë..>þ}U
    0x000000C0   AA 75 6E FF 76 00 E8 8D 00 75 17 FA B0 D1 E6 64   ªun.v.è..u.ú°Ñæd
    0x000000D0   E8 83 00 B0 DF E6 60 E8 7C 00 B0 FF E6 64 E8 75   è..°ßæ`è|.°.ædèu
    0x000000E0   00 FB B8 00 BB CD 1A 66 23 C0 75 3B 66 81 FB 54   .û¸.»Í.f#Àu;f.ûT
    0x000000F0   43 50 41 75 32 81 F9 02 01 72 2C 66 68 07 BB 00   CPAu2.ù..r,fh.».
    0x00000100   00 66 68 00 02 00 00 66 68 08 00 00 00 66 53 66   .fh....fh....fSf
    0x00000110   53 66 55 66 68 00 00 00 00 66 68 00 7C 00 00 66   SfUfh....fh.|..f
    0x00000120   61 68 00 00 07 CD 1A 5A 32 F6 EA 00 7C 00 00 CD   ah...Í.Z2öê.|..Í
    0x00000130   18 A0 B7 07 EB 08 A0 B6 07 EB 03 A0 B5 07 32 E4   ..·.ë..¶.ë..µ.2ä
    0x00000140   05 00 07 8B F0 AC 3C 00 74 09 BB 07 00 B4 0E CD   ....ð¬<.t.»..´.Í
    0x00000150   10 EB F2 F4 EB FD 2B C9 E4 64 EB 00 24 02 E0 F8   .ëòôëý+Éädë.$.àø
    0x00000160   24 02 C3 49 6E 76 61 6C 69 64 20 70 61 72 74 69   $.ÃInvalid parti
    0x00000170   74 69 6F 6E 20 74 61 62 6C 65 00 45 72 72 6F 72   tion table.Error
    0x00000180   20 6C 6F 61 64 69 6E 67 20 6F 70 65 72 61 74 69    loading operati
    0x00000190   6E 67 20 73 79 73 74 65 6D 00 4D 69 73 73 69 6E   ng system.Missin
    0x000001A0   67 20 6F 70 65 72 61 74 69 6E 67 20 73 79 73 74   g operating syst
    0x000001B0   65 6D 00 00 00 63 7B 9A 4B 2A 10 E3 00 00 00 20   em...c{.K*.ã... 
    0x000001C0   21 00 1C FE FF FF 00 08 00 00 00 00 20 03 80 FE   !..þ........ ..þ
    0x000001D0   FF FF 07 FE FF FF 00 08 20 03 00 E0 A0 0F 00 FE   ...þ.... ..à...þ
    0x000001E0   FF FF 07 FE FF FF 00 E8 C0 12 00 F8 81 12 00 00   ...þ...èÀ..ø....
    0x000001F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA   ..............Uª
    
    __________________________16_BIT_ASM_CODE
       
    0x0000    33c0            XOR AX, AX   
    0x0002    8ed0            MOV SS, AX   
    0x0004    bc 007c         MOV SP, 0x7c00   
    0x0007    8ec0            MOV ES, AX   
    0x0009    8ed8            MOV DS, AX   
    0x000B    be 007c         MOV SI, 0x7c00   
    0x000E    bf 0006         MOV DI, 0x600   
    0x0011    b9 0002         MOV CX, 0x200   
    0x0014    fc              CLD   
    0x0015    f3 a4           REP MOVSB   
    0x0017    50              PUSH AX   
    0x0018    68 1c06         PUSH 0x61c   
    0x001B    cb              RETF   
    0x001C    fb              STI   
    0x001D    b9 0400         MOV CX, 0x4   
    0x0020    bd be07         MOV BP, 0x7be   
    0x0023    807e 00 00      CMP BYTE [BP+0x0], 0x0   
    0x0027    7c 0b           JL 0x34   
    0x0029    0f85 0e01       JNZ 0x13b   
    0x002D    83c5 10         ADD BP, 0x10   
    0x0030    e2 f1           LOOP 0x23   
    0x0032    cd 18           INT 0x18   
    0x0034    8856 00         MOV [BP+0x0], DL   
    0x0037    55              PUSH BP   
    0x0038    c646 11 05      MOV BYTE [BP+0x11], 0x5   
    0x003C    c646 10 00      MOV BYTE [BP+0x10], 0x0   
    0x0040    b4 41           MOV AH, 0x41   
    0x0042    bb aa55         MOV BX, 0x55aa   
    0x0045    cd 13           INT 0x13   
    0x0047    5d              POP BP   
    0x0048    72 0f           JB 0x59   
    0x004A    81fb 55aa       CMP BX, 0xaa55   
    0x004E    75 09           JNZ 0x59   
    0x0050    f7c1 0100       TEST CX, 0x1   
    0x0054    74 03           JZ 0x59   
    0x0056    fe46 10         INC BYTE [BP+0x10]   
    0x0059    66 60           PUSHAD   
    0x005B    807e 10 00      CMP BYTE [BP+0x10], 0x0   
    0x005F    74 26           JZ 0x87   
    0x0061    66 68 00000000  PUSH 0x0   
    0x0067    66 ff76 08      PUSH DWORD [BP+0x8]   
    0x006B    68 0000         PUSH 0x0   
    0x006E    68 007c         PUSH 0x7c00   
    0x0071    68 0100         PUSH 0x1   
    0x0074    68 1000         PUSH 0x10   
    0x0077    b4 42           MOV AH, 0x42   
    0x0079    8a56 00         MOV DL, [BP+0x0]   
    0x007C    8bf4            MOV SI, SP   
    0x007E    cd 13           INT 0x13   
    0x0080    9f              LAHF   
    0x0081    83c4 10         ADD SP, 0x10   
    0x0084    9e              SAHF   
    0x0085    eb 14           JMP 0x9b   
    0x0087    b8 0102         MOV AX, 0x201   
    0x008A    bb 007c         MOV BX, 0x7c00   
    0x008D    8a56 00         MOV DL, [BP+0x0]   
    0x0090    8a76 01         MOV DH, [BP+0x1]   
    0x0093    8a4e 02         MOV CL, [BP+0x2]   
    0x0096    8a6e 03         MOV CH, [BP+0x3]   
    0x0099    cd 13           INT 0x13   
    0x009B    66 61           POPAD   
    0x009D    73 1c           JAE 0xbb   
    0x009F    fe4e 11         DEC BYTE [BP+0x11]   
    0x00A2    75 0c           JNZ 0xb0   
    0x00A4    807e 00 80      CMP BYTE [BP+0x0], 0x80   
    0x00A8    0f84 8a00       JZ 0x136   
    0x00AC    b2 80           MOV DL, 0x80   
    0x00AE    eb 84           JMP 0x34   
    0x00B0    55              PUSH BP   
    0x00B1    32e4            XOR AH, AH   
    0x00B3    8a56 00         MOV DL, [BP+0x0]   
    0x00B6    cd 13           INT 0x13   
    0x00B8    5d              POP BP   
    0x00B9    eb 9e           JMP 0x59   
    0x00BB    813e fe7d 55aa  CMP WORD [0x7dfe], 0xaa55   
    0x00C1    75 6e           JNZ 0x131   
    0x00C3    ff76 00         PUSH WORD [BP+0x0]   
    0x00C6    e8 8d00         CALL 0x156   
    0x00C9    75 17           JNZ 0xe2   
    0x00CB    fa              CLI   
    0x00CC    b0 d1           MOV AL, 0xd1   
    0x00CE    e6 64           OUT 0x64, AL   
    0x00D0    e8 8300         CALL 0x156   
    0x00D3    b0 df           MOV AL, 0xdf   
    0x00D5    e6 60           OUT 0x60, AL   
    0x00D7    e8 7c00         CALL 0x156   
    0x00DA    b0 ff           MOV AL, 0xff   
    0x00DC    e6 64           OUT 0x64, AL   
    0x00DE    e8 7500         CALL 0x156   
    0x00E1    fb              STI   
    0x00E2    b8 00bb         MOV AX, 0xbb00   
    0x00E5    cd 1a           INT 0x1a   
    0x00E7    66 23c0         AND EAX, EAX   
    0x00EA    75 3b           JNZ 0x127   
    0x00EC    66 81fb 54435041CMP EBX, 0x41504354   
    0x00F3    75 32           JNZ 0x127   
    0x00F5    81f9 0201       CMP CX, 0x102   
    0x00F9    72 2c           JB 0x127   
    0x00FB    66 68 07bb0000  PUSH 0xbb07   
    0x0101    66 68 00020000  PUSH 0x200   
    0x0107    66 68 08000000  PUSH 0x8   
    0x010D    66 53           PUSH EBX   
    0x010F    66 53           PUSH EBX   
    0x0111    66 55           PUSH EBP   
    0x0113    66 68 00000000  PUSH 0x0   
    0x0119    66 68 007c0000  PUSH 0x7c00   
    0x011F    66 61           POPAD   
    0x0121    68 0000         PUSH 0x0   
    0x0124    07              POP ES   
    0x0125    cd 1a           INT 0x1a   
    0x0127    5a              POP DX   
    0x0128    32f6            XOR DH, DH   
    0x012A    ea 007c 0000    JMP FAR 0x0:0x7c00   
    0x012F    cd 18           INT 0x18   
    0x0131    a0 b707         MOV AL, [0x7b7]   
    0x0134    eb 08           JMP 0x13e   
    0x0136    a0 b607         MOV AL, [0x7b6]   
    0x0139    eb 03           JMP 0x13e   
    0x013B    a0 b507         MOV AL, [0x7b5]   
    0x013E    32e4            XOR AH, AH   
    0x0140    05 0007         ADD AX, 0x700   
    0x0143    8bf0            MOV SI, AX   
    0x0145    ac              LODSB   
    0x0146    3c 00           CMP AL, 0x0   
    0x0148    74 09           JZ 0x153   
    0x014A    bb 0700         MOV BX, 0x7   
    0x014D    b4 0e           MOV AH, 0xe   
    0x014F    cd 10           INT 0x10   
    0x0151    eb f2           JMP 0x145   
    0x0153    f4              HLT   
    0x0154    eb fd           JMP 0x153   
    0x0156    2bc9            SUB CX, CX   
    0x0158    e4 64           IN AL, 0x64   
    0x015A    eb 00           JMP 0x15c   
    0x015C    24 02           AND AL, 0x2   
    0x015E    e0 f8           LOOPNZ 0x158   
    0x0160    24 02           AND AL, 0x2   
    0x0162    c3              RET   
    0x0163    49              DEC CX   
    0x0164    6e              OUTSB   
    0x0165    76 61           JBE 0x1c8   
    0x0167    6c              INSB   
    0x0168    6964 20 7061    IMUL SP, [SI+0x20], 0x6170   
    0x016D    72 74           JB 0x1e3   
    0x016F    6974 69 6f6e    IMUL SI, [SI+0x69], 0x6e6f   
    0x0174    2074 61         AND [SI+0x61], DH   
    0x0177    626c 65         BOUND BP, [SI+0x65]   
    0x017A    0045 72         ADD [DI+0x72], AL   
    0x017D    72 6f           JB 0x1ee   
    0x017F    72 20           JB 0x1a1   
    0x0181    6c              INSB   
    0x0182    6f              OUTSW   
    0x0183    61              POPA   
    0x0184    64 696e 67 206f IMUL BP, FS:[BP+0x67], 0x6f20   
    0x018A    70 65           JO 0x1f1   
    0x018C    72 61           JB 0x1ef   
    0x018E    74 69           JZ 0x1f9   
    0x0190    6e              OUTSB   
    0x0191    67 2073 79      AND [EBX+0x79], DH   
    0x0195    73 74           JAE 0x20b   
    0x0197    65 6d           INS WORD GS:[DI], DX   
    0x0199    004d 69         ADD [DI+0x69], CL   
    0x019C    73 73           JAE 0x211   
    0x019E    696e 67 206f    IMUL BP, [BP+0x67], 0x6f20   
    0x01A3    70 65           JO 0x20a   
    0x01A5    72 61           JB 0x208   
    0x01A7    74 69           JZ 0x212   
    0x01A9    6e              OUTSB   
    0x01AA    67 2073 79      AND [EBX+0x79], DH   
    0x01AE    73 74           JAE 0x224   
    0x01B0    65 6d           INS WORD GS:[DI], DX   
    0x01B2    0000            ADD [BX+SI], AL   
    0x01B4    0063 7b         ADD [BP+DI+0x7b], AH   
    0x01B7    9a 4b2a 10e3    CALL FAR 0xe310:0x2a4b   
    0x01BC    0000            ADD [BX+SI], AL   
    0x01BE    0020            ADD [BX+SI], AH   
    0x01C0    2100            AND [BX+SI], AX   
    0x01C2    1c fe           SBB AL, 0xfe   
    0x01C4    ff              DB 0xff   
    0x01C5    ff00            INC WORD [BX+SI]   
    0x01C7    0800            OR [BX+SI], AL   
    0x01C9    0000            ADD [BX+SI], AL   
    0x01CB    0020            ADD [BX+SI], AH   
    0x01CD    0380 feff       ADD AX, [BX+SI-0x2]   
    0x01D1    ff07            INC WORD [BX]   
    0x01D3    fe              DB 0xfe   
    0x01D4    ff              DB 0xff   
    0x01D5    ff00            INC WORD [BX+SI]   
    0x01D7    0820            OR [BX+SI], AH   
    0x01D9    0300            ADD AX, [BX+SI]   
    0x01DB    e0 a0           LOOPNZ 0x17d   
    0x01DD    0f              DB 0xf   
    0x01DE    00fe            ADD DH, BH   
    0x01E0    ff              DB 0xff   
    0x01E1    ff07            INC WORD [BX]   
    0x01E3    fe              DB 0xfe   
    0x01E4    ff              DB 0xff   
    0x01E5    ff00            INC WORD [BX+SI]   
    0x01E7    e8 c012         CALL 0x14aa   
    0x01EA    00f8            ADD AL, BH   
    0x01EC    8112 0000       ADC WORD [BP+SI], 0x0   
    0x01F0    0000            ADD [BX+SI], AL   
    0x01F2    0000            ADD [BX+SI], AL   
    0x01F4    0000            ADD [BX+SI], AL   
    0x01F6    0000            ADD [BX+SI], AL   
    0x01F8    0000            ADD [BX+SI], AL   
    0x01FA    0000            ADD [BX+SI], AL   
    0x01FC    0000            ADD [BX+SI], AL   
    0x01FE    55              PUSH BP   
    0x01FF    aa              STOSB   
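
The MBR dump in the log above ends with the NT disk signature at 0x1B8, the four 16-byte partition-table entries at 0x1BE and the 55 AA boot signature at 0x1FE. The Python script below is an added example, not part of this thread or of the tool that produced the log: it rebuilds the sector from the last ten dump lines (copied byte-for-byte from the log, ASCII column dropped; offsets before 0x160 are left as zeros), decodes the partition table and runs the sanity checks an analyst applies before deciding whether an MBR deserves a closer look (boot signature present, exactly one active entry, no overlapping entries, the three stock Windows boot-code messages present). The offsets, the dump-line parser and the check list are my own assumptions, not anything the log tool documents.

```python
from __future__ import annotations
import struct
from dataclasses import dataclass

# Constructed input: the last ten lines of the MBR hex dump from the log above,
# copied byte-for-byte (ASCII column dropped). Offsets 0x000-0x15F are not
# included, so the rebuilt sector holds zeros there.
MBR_DUMP = """
0x00000160   24 02 C3 49 6E 76 61 6C 69 64 20 70 61 72 74 69
0x00000170   74 69 6F 6E 20 74 61 62 6C 65 00 45 72 72 6F 72
0x00000180   20 6C 6F 61 64 69 6E 67 20 6F 70 65 72 61 74 69
0x00000190   6E 67 20 73 79 73 74 65 6D 00 4D 69 73 73 69 6E
0x000001A0   67 20 6F 70 65 72 61 74 69 6E 67 20 73 79 73 74
0x000001B0   65 6D 00 00 00 63 7B 9A 4B 2A 10 E3 00 00 00 20
0x000001C0   21 00 1C FE FF FF 00 08 00 00 00 00 20 03 80 FE
0x000001D0   FF FF 07 FE FF FF 00 08 20 03 00 E0 A0 0F 00 FE
0x000001E0   FF FF 07 FE FF FF 00 E8 C0 12 00 F8 81 12 00 00
0x000001F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA
"""

SECTOR_SIZE = 512
DISK_SIG_OFFSET = 0x1B8    # 4-byte NT disk signature
PART_TABLE_OFFSET = 0x1BE  # four 16-byte partition entries
BOOT_SIG_OFFSET = 0x1FE    # must hold 55 AA

# Messages carried by the stock Windows 7 MBR boot code (all three are visible in the dump)
STOCK_MESSAGES = (b"Invalid partition table",
                  b"Error loading operating system",
                  b"Missing operating system")


def parse_dump(text: str) -> bytearray:
    """Rebuild a 512-byte sector from 'offset  b0 b1 ... b15' dump lines."""
    sector = bytearray(SECTOR_SIZE)
    for line in text.strip().splitlines():
        tokens = line.split()
        if len(tokens) < 17 or not tokens[0].lower().startswith("0x"):
            continue                        # not a dump line
        offset = int(tokens[0], 16)
        raw = bytes(int(tok, 16) for tok in tokens[1:17])
        if offset + len(raw) > SECTOR_SIZE:
            raise ValueError(f"dump line at {tokens[0]} runs past the sector")
        sector[offset:offset + len(raw)] = raw
    return sector


@dataclass
class Partition:
    index: int       # 1..4, slot in the table
    status: int      # 0x80 = active/bootable, 0x00 = inactive
    type_id: int     # e.g. 0x07 NTFS, 0x1C hidden FAT32 (LBA)
    lba_start: int
    sectors: int

    @property
    def bootable(self) -> bool:
        return self.status == 0x80

    @property
    def lba_end(self) -> int:   # exclusive end sector
        return self.lba_start + self.sectors


def disk_signature(sector: bytes) -> int:
    return struct.unpack_from("<I", sector, DISK_SIG_OFFSET)[0]


def parse_partitions(sector: bytes) -> list[Partition]:
    """Decode the non-empty entries of the MBR partition table."""
    parts = []
    for i in range(4):
        off = PART_TABLE_OFFSET + 16 * i
        # status, CHS start (3 bytes, skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype == 0 and count == 0:
            continue                        # empty slot
        parts.append(Partition(i + 1, status, ptype, lba, count))
    return parts


def check_mbr(sector: bytes) -> list[str]:
    """Sanity checks applied before trusting an MBR; an empty list means nothing odd."""
    findings = []
    if sector[BOOT_SIG_OFFSET:BOOT_SIG_OFFSET + 2] != b"\x55\xAA":
        findings.append("boot signature 55AA missing")
    parts = parse_partitions(sector)
    active = [p for p in parts if p.bootable]
    if len(active) != 1:
        findings.append(f"expected exactly one active partition, found {len(active)}")
    for p in parts:
        if p.status not in (0x00, 0x80):
            findings.append(f"partition {p.index}: unusual status byte 0x{p.status:02X}")
        if p.lba_start == 0 or p.sectors == 0:
            findings.append(f"partition {p.index}: zero start LBA or length")
    ordered = sorted(parts, key=lambda p: p.lba_start)
    for a, b in zip(ordered, ordered[1:]):
        if a.lba_end > b.lba_start:
            findings.append(f"partitions {a.index} and {b.index} overlap")
    for msg in STOCK_MESSAGES:
        if msg not in sector:
            findings.append(f"stock boot-code string {msg!r} not found")
    return findings


if __name__ == "__main__":
    sec = parse_dump(MBR_DUMP)
    print(f"disk signature 0x{disk_signature(sec):08X}")
    for p in parse_partitions(sec):
        flag = "*" if p.bootable else " "
        print(f"{flag} #{p.index} type 0x{p.type_id:02X} LBA {p.lba_start}..{p.lba_end - 1} ({p.sectors} sectors)")
    print("findings:", check_mbr(sec) or "none")
```

On this dump the script decodes a hidden FAT32 entry (type 0x1C) starting at LBA 2048, an active NTFS entry starting at LBA 52430848 and a second NTFS entry that begins exactly where the active one ends, and it returns no findings. A non-empty findings list is a reason to compare the boot code byte-for-byte against a known-good MBR for that Windows version, not proof of infection on its own; a missing message string, for example, is also what a legitimate third-party boot manager produces.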
    
    
     
  11. emeraldnzl

    emeraldnzl Malware Specialist

    Joined:
    Nov 3, 2007
    Messages:
    2,570
    Well there is nothing leaping out at me. There are some strange files there but they seem to be related to your CCleaner actions.

    Let's do this.

    Please run OTL.exe
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :Commands
      [CreateRestorePoint]
      
      :Files
      ipconfig /flushdns /c
      netsh int ip reset c:\resetlog.txt  /c
      ipconfig /release /c
      ipconfig /renew /c
      
      :Commands
      [ResetHosts]
      [emptyflash]
      [emptyjava]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot when it is done
    • It will produce a log for you on reboot, please post that log in your next reply.
    And after that

    Please run a free online scan with the ESET Online Scanner

    Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

    Note: This scan works with Internet Explorer or Mozilla FireFox.

    If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

    • Click the green ESET Online Scanner box
    • Tick the box next to YES, I accept the Terms of Use
      then click on: Start
    • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
    • Make sure that the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Click on Start
    • The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
    • When completed the Online Scan will begin automatically. The scan may take several hours.
    • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
    • When completed select Uninstall application on close, make sure you copy the logfile first!
    • Then click on: Finish
    • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    • Copy and paste that log as a reply to this topic.
    So when you return please post
    • OTL.txt
    • ESET log
     
  12. originaltale

    originaltale Thread Starter

    Joined:
    Sep 5, 2012
    Messages:
    21
    After running OTL, two icons [the regular notepad icon plus a gear - seems familiar but I can't remember where I've seen it] popped up on my desktop, where the OTL desktop icon is. I opened them up, I'm assuming they're the logs that should pop up after the reboot.



    [.ShellClassInfo]
    LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21799
    [LocalizedFileNames]
    CyberLink Media Suite.lnk=@C:\PROGRA~2\CYBERL~1\MEDIAS~1\MUITRA~1\PSEnvRes.dll,-110
    Norton AntiVirus.lnk=@C:\PROGRA~2\NORTON~2\Branding\muis.dll,-101



    [.ShellClassInfo]
    LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769
    IconResource=%SystemRoot%\system32\imageres.dll,-183
     
  13. emeraldnzl

    emeraldnzl Malware Specialist

    Joined:
    Nov 3, 2007
    Messages:
    2,570
    Something funny there.

    Did you have Norton disabled before running OTL?

    If not try it with Norton disabled or in Safe Mode.
     
  14. originaltale

    originaltale Thread Starter

    Joined:
    Sep 5, 2012
    Messages:
    21
    No, I didn't disable Norton before running.
    I'll rerun OTL.

    Also, I haven't gotten the chance to run ESET, I ran it yesterday night but my computer shut down halfway through because of an 'error' [on a blue screen] and it was too late to run another scan.
    It detected 5 threats/infected files, those were all 'Win32' files. Not sure if they've been removed or not, planning to rerun the scanner today.
     
  15. emeraldnzl

    emeraldnzl Malware Specialist

    Joined:
    Nov 3, 2007
    Messages:
    2,570
    Okie dokie. Look forward to seeing your scan results.:)
     

Short URL to this thread: https://techguy.org/1067862