When I use IE, some of the time I get redirected to a place that I did not click on... also Norton keeps blocking attacks... https Tidserv Request 2... it is very aggravating... so here goes:

dds.txt

DDS (Ver_10-10-10.03) - NTFS_AMD64

Run by Em at 3:21:25.49 on Mon 10/18/2010

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_18

Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.16382.14165 [GMT -4:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\ATKFUSService.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Program Files\ASUS\GamerOSD\ATKFastUserSwitching.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\SysWOW64\ASDR.exe

C:\Program Files (x86)\ASUS\TurboV EVO\TurboVHELP.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe

C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\Common Files\Motive\McciCMService.exe

C:\Program Files (x86)\Norton AntiVirus\Engine\17.8.0.5\ccSvcHst.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.0.1.8\ccSvcHst.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe

C:\Program Files (x86)\Norton AntiVirus\Engine\17.8.0.5\ccSvcHst.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\SearchIndexer.exe

C:\ProgramData\Norton\NUA.exe

C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe

C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe

C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\mIRC\mirc.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\AUDIODG.EXE

C:\Users\Em\Desktop\Defogger.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Em\Desktop\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Bar = Preserve

uStart Page = hxxp://www.foxnews.com/

uURLSearchHooks: ToolbarURLSearchHook Class: {ca3eb689-8f09-4026-aa10-b9534c691ce0} - C:\Program Files (x86)\Search Toolbar\tbhelper.dll

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton AntiVirus\Engine\17.8.0.5\IPSBHO.DLL

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

{d2ce3e00-f94a-4740-988e-03dc2f38c34f}

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: Norton Safe Web Lite BHO: {f0da78e9-6b60-42fb-bc26-ef2cfb8c8ff3} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.0.1.8\coIEPlg.dll

BHO: TBSB05974 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - C:\Program Files (x86)\Search Toolbar\tbcore3.dll

TB: Search Toolbar: {0c8413c1-fad1-446c-8584-be50576f863e} - C:\Program Files (x86)\Search Toolbar\tbcore3.dll

TB: Norton Safe Web Lite: {30ceeea2-3742-40e4-85dd-812bf1cbb83d} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.0.1.8\coIEPlg.dll

{8dcb7100-df86-4384-8842-8fa844297b3f}

{555d4d79-4bd2-4094-a395-cfc534424a05}

uRun: [NortonUpdateAgent] C:\ProgramData\Norton\NUA.exe

mRun: [bCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"

mRun: [QFan Help] "C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe"

mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r

mRun: [bing Bar] "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe"

mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry

mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

DPF: vzTCPConfig - hxxp://my.verizon.com/micro/speedoptimizer/fios/vzTCPConfig.CAB

DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab

DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - C:\Program Files (x86)Eudora\EuShlExt.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

TB-X64: {0C8413C1-FAD1-446C-8584-BE50576F863E} - No File

TB-X64: {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - No File

EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

============= SERVICES / DRIVERS ===============

R0 mv91xx;mv91xx;C:\Windows\System32\drivers\mv91xx.sys [2010-6-30 293416]

R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NAVx64\1108000.005\symds64.sys [2010-9-23 433200]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NAVx64\1108000.005\symefa64.sys [2010-9-23 221232]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20101001.001\BHDrvx64.sys [2010-10-5 954928]

R1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\NAVx64\1108000.005\cchpx64.sys [2010-9-23 615040]

R1 EIO64;EIO Driver;C:\Windows\System32\drivers\EIO64.sys [2010-10-6 16384]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20101015.003\IDSviA64.sys [2010-10-13 476720]

R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NAVx64\1108000.005\ironx64.sys [2010-9-23 150064]

R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\System32\drivers\NAVx64\1108000.005\symtdiv.sys [2010-9-23 451120]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-2-26 202752]

R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2010-2-27 90112]

R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-9-25 13336]

R2 IOCBIOS;IOCBIOS;C:\ProgramData\Intel\Extreme Tuning Utility\IOCbios\64bit\iOCbios.sys [2009-7-9 27096]

R2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\17.8.0.5\ccsvchst.exe [2010-9-23 126392]

R2 NSL;Norton Safe Web Lite;C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.0.1.8\ccSvcHst.exe [2010-8-22 126904]

R2 XTUService;Intel® Extreme Tuning Utility;C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe [2009-8-6 30944]

R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atipmdag.sys [2010-2-26 6369792]

R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-2-26 188928]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-9-22 132656]

R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2009-10-27 75264]

R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2009-10-27 176640]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-6-23 344680]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SgtSch2Svc;Seagate Scheduler2 Service;"C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe" --> C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [?]

S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]

S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;"C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe" --> C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [?]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-9-21 79360]

S3 rcmirror;rcmirror;C:\Windows\System32\drivers\rcmirror.sys [2010-1-18 4608]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2009-9-17 1250816]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-2-27 1255736]

S4 PCPitstop Scheduling;PCPitstop Scheduling;C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe --> C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe [?]

=============== Created Last 30 ================

2010-10-18 05:30:37 -------- d-----w- C:\Users\Em\AppData\Roaming\Malwarebytes

2010-10-18 05:30:27 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2010-10-18 05:30:26 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys

2010-10-18 05:30:26 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2010-10-18 05:30:26 -------- d-----w- C:\PROGRA~3\Malwarebytes

2010-10-17 19:11:12 81952 ----a-w- C:\Windows\System32\drivers\tifsfilt.sys

2010-10-17 19:11:12 -------- d-----w- C:\PROGRA~3\Seagate

2010-10-17 19:11:11 711712 ----a-w- C:\Windows\System32\drivers\timntr.sys

2010-10-17 19:11:11 235040 ----a-w- C:\Windows\System32\drivers\snapman.sys

2010-10-17 19:11:05 593952 ----a-w- C:\Windows\System32\drivers\tdrpman.sys

2010-10-13 20:55:07 148992 ----a-w- C:\Windows\System32\t2embed.dll

2010-10-13 20:55:07 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll

2010-10-13 20:54:39 4582912 ----a-w- C:\Program Files\Windows NT\Accessories\wordpad.exe

2010-10-13 20:54:38 4247040 ----a-w- C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe

2010-10-13 20:54:38 2085376 ----a-w- C:\Windows\System32\ole32.dll

2010-10-13 20:54:38 1413632 ----a-w- C:\Windows\SysWow64\ole32.dll

2010-10-13 20:54:07 483840 ----a-w- C:\Windows\System32\StructuredQuery.dll

2010-10-13 20:54:07 363520 ----a-w- C:\Windows\SysWow64\StructuredQuery.dll

2010-10-13 20:53:39 340992 ----a-w- C:\Windows\System32\schannel.dll

2010-10-13 20:53:39 224256 ----a-w- C:\Windows\SysWow64\schannel.dll

2010-10-13 20:53:10 633856 ----a-w- C:\Windows\System32\comctl32.dll

2010-10-13 20:53:10 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll

2010-10-13 20:52:42 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll

2010-10-13 20:52:42 1024512 ----a-w- C:\Windows\System32\wmpmde.dll

2010-10-13 20:52:14 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll

2010-10-13 20:52:14 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll

2010-10-13 20:50:39 9728 ----a-w- C:\Windows\SysWow64\sscore.dll

2010-10-13 20:50:39 463360 ----a-w- C:\Windows\System32\drivers\srv.sys

2010-10-13 20:50:39 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys

2010-10-13 20:50:39 236032 ----a-w- C:\Windows\System32\srvsvc.dll

2010-10-13 20:50:39 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys

2010-10-13 20:50:10 3123712 ----a-w- C:\Windows\System32\win32k.sys

2010-10-06 05:02:09 16384 ----a-w- C:\Windows\System32\drivers\EIO64.sys

2010-10-03 15:51:33 44544 ----a-w- C:\Windows\SysWow64\GIF89.DLL

2010-10-03 15:51:33 40960 ----a-w- C:\Windows\SysWow64\SSubTmr6.dll

2010-10-03 15:51:33 200704 ----a-w- C:\Windows\SysWow64\vbalExpBar6.ocx

2010-10-03 15:51:33 15360 ----a-w- C:\Windows\SysWow64\inetfr.DLL

2010-10-03 15:51:33 141312 ----a-w- C:\Windows\SysWow64\MSCMCFR.DLL

2010-10-03 15:51:33 119568 ----a-w- C:\Windows\SysWow64\VB6FR.DLL

2010-10-03 15:51:33 115920 ----a-w- C:\Windows\SysWow64\msinet.OCX

2010-10-03 15:51:33 101888 ----a-w- C:\Windows\SysWow64\VB6STKIT.DLL

2010-10-03 15:51:32 484352 ----a-w- C:\Windows\SysWow64\lame_enc.dll

2010-10-03 15:51:32 32768 ----a-w- C:\Windows\SysWow64\CMDLGFR.DLL

2010-10-03 15:51:32 152848 ----a-w- C:\Windows\SysWow64\COMDLG32.OCX

2010-10-03 15:51:32 -------- d-----w- C:\Users\Em\AppData\Roaming\FreeBurner

2010-10-03 15:51:32 -------- d-----w- C:\Program Files (x86)\Free Easy Burner

2010-10-02 08:51:59 -------- d-----w- C:\Program Files\Microsoft IntelliType Pro

2010-10-02 08:51:58 -------- d-----w- C:\Windows\PCHEALTH

2010-09-29 07:00:28 243712 ----a-w- C:\Windows\System32\drivers\ks.sys

2010-09-29 05:36:50 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2010-09-29 05:36:50 2048 ----a-w- C:\Windows\System32\tzres.dll

2010-09-29 05:36:16 13312 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll

2010-09-29 05:36:16 13312 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll

2010-09-27 22:05:21 -------- d-----w- C:\PROGRA~3\EPU

2010-09-25 07:23:08 -------- d-----w- C:\Users\Em\AppData\Roaming\Intel Corporation

2010-09-25 07:21:14 540696 ----a-w- C:\Windows\System32\drivers\iaStor.sys

2010-09-25 06:13:31 315904 ----a-w- C:\Windows\SysWow64\Difx119c.rra

2010-09-25 06:13:31 -------- d-----w- C:\RaidTool

2010-09-23 23:06:26 615040 ----a-w- C:\Windows\System32\drivers\NAVx64\1108000.005\cchpx64.sys

2010-09-23 23:06:26 505392 ----a-w- C:\Windows\System32\drivers\NAVx64\1108000.005\srtsp64.sys

2010-09-23 23:06:26 451120 ----a-w- C:\Windows\System32\drivers\NAVx64\1108000.005\symtdiv.sys

2010-09-23 23:06:26 433200 ----a-r- C:\Windows\System32\drivers\NAVx64\1108000.005\symds64.sys

2010-09-23 23:06:26 32304 ----a-w- C:\Windows\System32\drivers\NAVx64\1108000.005\srtspx64.sys

2010-09-23 23:06:26 221232 ----a-w- C:\Windows\System32\drivers\NAVx64\1108000.005\symefa64.sys

2010-09-23 23:06:26 150064 ----a-w- C:\Windows\System32\drivers\NAVx64\1108000.005\ironx64.sys

2010-09-23 22:46:57 -------- d-----w- C:\Windows\System32\drivers\NAVx64\1108000.005

2010-09-22 22:10:52 103864 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll

2010-09-22 10:20:25 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared

2010-09-22 08:55:54 173104 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS

2010-09-22 08:55:51 -------- d-----w- C:\Program Files\Symantec

2010-09-22 08:55:32 -------- d-----w- C:\Program Files (x86)\Norton AntiVirus

2010-09-21 13:11:28 -------- d-----w- C:\Program Files\Creative

2010-09-21 13:11:19 -------- d-----w- C:\Program Files (x86)\Common Files\Creative

2010-09-21 13:11:16 -------- d-----w- C:\Program Files (x86)\Common Files\Creative Labs Shared

==================== Find3M ====================

2010-09-21 13:11:17 419840 ----a-w- C:\Windows\System32\wrap_oal.dll

2010-09-21 13:11:17 413696 ----a-w- C:\Windows\SysWow64\wrap_oal.dll

2010-09-21 13:11:17 133632 ----a-w- C:\Windows\System32\OpenAL32.dll

2010-09-21 13:11:17 110592 ----a-w- C:\Windows\SysWow64\OpenAL32.dll

2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll

2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll

2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll

2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec

2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec

2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2010-09-01 05:12:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL

2010-09-01 04:23:49 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL

2010-08-26 19:59:52 16896 ----a-w- C:\Windows\AsTaskSched.dll

2010-08-21 06:29:47 558592 ----a-w- C:\Windows\System32\spoolsv.exe

2010-07-29 06:30:34 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll

2010-07-21 20:59:28 592272 ----a-w- C:\Windows\System32\ipcoin80.dll

============= FINISH: 3:21:49.49 ===============

malwarebytes Log

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4867

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

10/18/2010 3:17:20 AM

mbam-log-2010-10-18 (03-17-20).txt

Scan type: Quick scan

Objects scanned: 142170

Time elapsed: 2 minute(s), 13 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

The ark log showed absolutely nothing.

thank you very much for your assistance


Hello ,

And :) My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your Desktop

  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop

Copy the entire contents of the report and paste it in a reply here.

Note - you may get this warning, it is ok, just ignore: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"

-------------------------------------------------------------

In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply

  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.


OTL logfile created on: 10/19/2010 9:05:31 AM - Run 2

OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\Em\Desktop

64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

16.00 Gb Total Physical Memory | 14.00 Gb Available Physical Memory | 85.00% Memory free

32.00 Gb Paging File | 29.00 Gb Available in Paging File | 91.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 59.62 Gb Total Space | 10.48 Gb Free Space | 17.57% Space Free | Partition Type: NTFS

Drive D: | 931.51 Gb Total Space | 510.45 Gb Free Space | 54.80% Space Free | Partition Type: NTFS

Drive E: | 931.51 Gb Total Space | 801.51 Gb Free Space | 86.04% Space Free | Partition Type: NTFS

Computer Name: EM-PC | User Name: Em | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2010/10/19 08:30:37 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Em\Desktop\OTL.exe

PRC - [2010/10/13 08:57:50 | 003,238,488 | ---- | M] (mIRC Co. Ltd.) -- C:\mIRC\mirc.exe

PRC - [2010/09/01 02:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

PRC - [2010/07/23 01:05:56 | 000,126,904 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe

PRC - [2010/05/23 01:39:05 | 000,126,904 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.0.1.8\ccSvcHst.exe

PRC - [2010/04/27 16:39:38 | 000,243,544 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe

PRC - [2010/03/03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2010/03/03 20:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

PRC - [2010/01/19 20:43:02 | 001,060,992 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\TurboV EVO\TurboVHelp.exe

PRC - [2009/10/26 17:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe

PRC - [2009/10/26 17:15:56 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe

PRC - [2009/08/19 16:44:56 | 000,603,136 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe

PRC - [2009/08/19 07:56:38 | 000,090,112 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe

PRC - [2009/08/06 08:55:22 | 000,030,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe

PRC - [2009/07/27 11:13:28 | 000,061,440 | ---- | M] () -- C:\Windows\SysWOW64\ASDR.exe

PRC - [2008/11/18 13:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

PRC - [2006/10/03 16:15:44 | 002,658,304 | ---- | M] (QUALCOMM Incorporated) -- C:\Program Files (x86)Eudora\Eudora.exe

========== Modules (SafeList) ==========

MOD - [2010/10/19 08:30:37 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Em\Desktop\OTL.exe

MOD - [2010/08/21 01:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll

MOD - [2009/07/13 21:15:31 | 000,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imagehlp.dll

MOD - [2009/07/13 21:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/02/26 03:07:54 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2009/12/01 14:22:58 | 000,063,488 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- C:\Windows\SysNative\ATKFUSService.exe -- (ATKFUSService)

SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2010/09/21 09:11:16 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)

SRV - [2010/07/23 01:05:56 | 000,126,904 | R--- | M] (Symantec Corporation) [unknown | Running] -- C:\Program Files (x86)\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe -- (NAV)

SRV - [2010/05/23 01:39:05 | 000,126,904 | R--- | M] (Symantec Corporation) [unknown | Running] -- C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.0.1.8\ccSvcHst.exe -- (NSL)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/03/03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®

SRV - [2009/10/26 17:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)

SRV - [2009/08/19 07:56:38 | 000,090,112 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)

SRV - [2009/08/06 08:55:22 | 000,030,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe -- (XTUService) Intel®

SRV - [2009/07/27 11:13:28 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\ASDR.exe -- (ASDR)

SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2008/11/18 13:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)

========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\vmnetadapter.sys -- (VMnetAdapter)

DRV:64bit: - [2010/10/18 10:00:48 | 000,174,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)

DRV:64bit: - [2010/10/17 15:11:12 | 000,711,712 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)

DRV:64bit: - [2010/10/17 15:11:12 | 000,081,952 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\tifsfilt.sys -- (tifsfilter)

DRV:64bit: - [2010/10/06 01:02:09 | 000,016,384 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EIO64.sys -- (EIO64)

DRV:64bit: - [2010/08/10 17:29:14 | 000,120,920 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)

DRV:64bit: - [2010/07/28 23:33:05 | 000,821,808 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1201000.025\SymEFA64.sys -- (SymEFA)

DRV:64bit: - [2010/07/28 22:54:37 | 000,715,824 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NAVx64\1201000.025\srtsp64.sys -- (SRTSP)

DRV:64bit: - [2010/07/28 22:54:37 | 000,040,496 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1201000.025\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)

DRV:64bit: - [2010/07/21 16:59:28 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)

DRV:64bit: - [2010/07/12 21:20:22 | 000,381,488 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1201000.025\symnets.sys -- (SymNetS)

DRV:64bit: - [2010/07/01 17:52:18 | 000,051,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)

DRV:64bit: - [2010/06/30 22:01:38 | 000,293,416 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)

DRV:64bit: - [2010/06/30 00:10:58 | 000,023,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)

DRV:64bit: - [2010/06/27 00:05:55 | 000,168,496 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1201000.025\Ironx64.sys -- (SymIRON)

DRV:64bit: - [2010/06/23 09:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2010/06/13 06:50:57 | 000,450,096 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1201000.025\SymDS64.sys -- (SymDS)

DRV:64bit: - [2010/03/03 19:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2010/02/26 03:22:38 | 006,369,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2010/02/26 03:22:38 | 006,369,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)

DRV:64bit: - [2010/02/26 02:12:10 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2010/01/28 18:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV:64bit: - [2010/01/18 20:40:26 | 000,004,608 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rcmirror.sys -- (rcmirror)

DRV:64bit: - [2009/10/27 03:19:48 | 000,176,640 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)

DRV:64bit: - [2009/10/27 03:19:46 | 000,075,264 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)

DRV:64bit: - [2009/10/16 10:44:56 | 001,309,696 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\P17.sys -- (P17)

DRV:64bit: - [2009/09/17 19:04:18 | 001,250,816 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)

DRV:64bit: - [2009/07/15 23:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)

DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)

DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/13 15:31:02 | 000,063,616 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\intelsmb.sys -- (smbusp) Intel®

DRV:64bit: - [2009/02/17 18:22:22 | 000,039,424 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATKDispLowFilter.sys -- (atkdisplf)

DRV:64bit: - [2009/02/17 18:22:22 | 000,017,792 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asusgsb.sys -- (asusgsb)

DRV - [2010/10/17 01:00:00 | 001,804,336 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20101018.054\EX64.SYS -- (NAVEX15)

DRV - [2010/10/17 01:00:00 | 000,117,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20101018.054\ENG64.SYS -- (NAVENG)

DRV - [2010/10/13 15:59:27 | 000,476,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20101015.005\IDSviA64.sys -- (IDSVia64)

DRV - [2010/09/22 04:57:47 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)

DRV - [2010/09/22 04:57:47 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2010/08/31 18:57:03 | 000,954,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20101001.001\BHDrvx64.sys -- (BHDrvx64)

DRV - [2010/03/17 16:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)

DRV - [2010/03/17 16:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)

DRV - [2009/12/18 10:58:52 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)

DRV - [2009/07/09 10:53:00 | 000,027,096 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\ProgramData\Intel\Extreme Tuning Utility\IOCbios\64bit\iOCbios.sys -- (IOCBIOS)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1222173880-4280229480-1958654446-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/

IE - HKU\S-1-5-21-1222173880-4280229480-1958654446-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKU\S-1-5-21-1222173880-4280229480-1958654446-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 BF 22 43 34 C9 CA 01 [binary data]

IE - HKU\S-1-5-21-1222173880-4280229480-1958654446-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.foxnews.com/

IE - HKU\S-1-5-21-1222173880-4280229480-1958654446-1001\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files (x86)\Search Toolbar\tbhelper.dll ()

IE - HKU\S-1-5-21-1222173880-4280229480-1958654446-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{203FB6B2-2E1E-4474-863B-4C483ECCE78E}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_1.0.1.8\coFFNST\ [2010/08/22 22:30:43 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\Firefox

FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/09/15 16:25:02 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPlgn\ [2010/10/18 10:25:28 | 000,000,000 | ---D | M]

[2010/06/13 07:10:52 | 000,000,000 | ---D | M] -- C:\Users\Em\AppData\Roaming\Mozilla\Extensions

[2010/02/27 08:43:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Em\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\18.1.0.37\IPSBHO.dll (Symantec Corporation)

O2 - BHO: (no name) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - Reg Error: Value error. File not found

O2 - BHO: (Norton Safe Web Lite BHO) - {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.0.1.8\CoIEPlg.dll (Symantec Corporation)

O2 - BHO: (TBSB05974 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Search Toolbar\tbcore3.dll ()

O3 - HKLM\..\Toolbar: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files (x86)\Search Toolbar\tbcore3.dll ()

O3 - HKLM\..\Toolbar: (Norton Safe Web Lite) - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.0.1.8\CoIEPlg.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (no name) - {8dcb7100-df86-4384-8842-8fa844297b3f} - Reg Error: Value error. File not found

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-1222173880-4280229480-1958654446-1001\..\Toolbar\WebBrowser: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files (x86)\Search Toolbar\tbcore3.dll ()

O3 - HKU\S-1-5-21-1222173880-4280229480-1958654446-1001\..\Toolbar\WebBrowser: (Norton Safe Web Lite) - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.0.1.8\CoIEPlg.dll (Symantec Corporation)

O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)

O4 - HKLM..\Run: [Bing Bar] C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe (Microsoft Corp.)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)

O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()

O4 - HKLM..\Run: [P17RunE] C:\Windows\SysWow64\P17RunE.dll (Creative Technology Ltd.)

O4 - HKLM..\Run: [QFan Help] C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe (ASUSTeK Computer Inc.)

O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKU\S-1-5-21-1222173880-4280229480-1958654446-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab (Reg Error: Key error.)

O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/...s/wlscctrl2.cab (Windows Live OneCare safety scanner control)

O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/inst...tDetection2.cab (Reg Error: Key error.)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: vzTCPConfig http://my.verizon.com/micro/speedoptimizer...vzTCPConfig.CAB (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\Program Files (x86)Eudora\EuShlExt.dll (Qualcomm Inc.)

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{faebca53-c052-11df-ac6c-806e6f6e6963}\Shell - "" = AutoRun

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/10/19 08:30:36 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\Em\Desktop\OTL.exe

[2010/10/18 01:30:37 | 000,000,000 | ---D | C] -- C:\Users\Em\AppData\Roaming\Malwarebytes

[2010/10/18 01:30:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2010/10/18 01:30:26 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2010/10/18 01:30:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2010/10/18 01:30:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010/10/17 15:11:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Seagate

[2010/10/06 01:20:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe

[2010/10/06 01:02:09 | 000,016,384 | ---- | C] (ASUSTeK Computer Inc.) -- C:\Windows\SysNative\drivers\EIO64.sys

[2010/10/06 01:01:49 | 005,473,280 | ---- | C] (ASUSTeK COMPUTER INC.) -- C:\Windows\SysNative\ATKOSDX64.dll

[2010/10/06 01:01:49 | 005,463,552 | ---- | C] (ASUSTeK COMPUTER INC.) -- C:\Windows\SysWow64\ATKOSDX32.dll

[2010/10/06 01:01:49 | 002,210,304 | ---- | C] (ASUSTeK COMPUTER INC.) -- C:\Windows\SysNative\ATKDispCPL.dll

[2010/10/06 01:01:49 | 001,354,240 | ---- | C] (ASUSTeK Computer Inc.) -- C:\Windows\SysNative\atklumdispx.dll

[2010/10/06 01:01:49 | 000,150,528 | ---- | C] (ASUSTeK Computer Inc.) -- C:\Windows\SysNative\atkdxtdispx.dll

[2010/10/06 01:01:49 | 000,102,400 | ---- | C] (ASUSTeK Computer Inc.) -- C:\Windows\SysWow64\NetVideo_SBS.ax

[2010/10/06 01:01:49 | 000,063,488 | ---- | C] (ASUSTeK COMPUTER INC.) -- C:\Windows\SysNative\ATKFUSService.exe

[2010/10/06 01:01:49 | 000,039,424 | ---- | C] (ASUSTeK Computer Inc.) -- C:\Windows\SysNative\ATKDispLowFilter.sys

[2010/10/06 01:01:49 | 000,017,792 | ---- | C] (ASUSTeK Computer Inc.) -- C:\Windows\SysNative\asusgsb.sys

[2010/10/06 01:01:49 | 000,016,896 | ---- | C] (ASUSTeK COMPUTER INC.) -- C:\Windows\SysNative\ATKOGL64.dll

[2010/10/06 01:01:49 | 000,015,360 | ---- | C] (ASUSTeK COMPUTER INC.) -- C:\Windows\SysWow64\ATKOGL32.dll

[2010/10/06 01:01:49 | 000,000,000 | ---D | C] -- C:\Program Files\ASUS

[2010/10/06 01:01:48 | 001,335,808 | ---- | C] (ASUSTeK Computer Inc.) -- C:\Windows\SysWow64\ATKLUMDISP.dll

[2010/10/06 01:01:48 | 000,134,144 | ---- | C] (ASUSTeK Computer Inc.) -- C:\Windows\SysWow64\atkdxtdisp.dll

[2010/10/06 01:01:48 | 000,102,400 | ---- | C] (ASMedia Techonology) -- C:\Windows\ASMT_CE.dll

[2010/10/06 01:01:48 | 000,071,680 | ---- | C] (ASMedia Technology) -- C:\Windows\i2c.dll

[2010/10/06 01:01:48 | 000,069,632 | ---- | C] (ASMedia Technology) -- C:\Windows\i2c_i.dll

[2010/10/06 01:01:48 | 000,068,608 | ---- | C] (ASMedia Technology) -- C:\Windows\nVGA_i2c.dll

[2010/10/03 11:51:33 | 000,200,704 | ---- | C] (vbAccelerator) -- C:\Windows\SysWow64\vbalExpBar6.ocx

[2010/10/03 11:51:33 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\Windows\SysWow64\SSubTmr6.dll

[2010/10/03 11:51:32 | 000,000,000 | ---D | C] -- C:\Users\Em\AppData\Roaming\FreeBurner

[2010/10/03 11:51:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Easy Burner

[2010/10/02 04:51:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliType Pro

[2010/10/02 04:51:58 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH

[2010/09/28 03:48:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live Safety Center

[2010/09/27 18:05:21 | 000,000,000 | ---D | C] -- C:\ProgramData\EPU

[2010/09/25 03:23:08 | 000,000,000 | ---D | C] -- C:\Users\Em\AppData\Roaming\Intel Corporation

[2010/09/25 02:13:31 | 000,000,000 | ---D | C] -- C:\RaidTool

[2010/09/22 06:20:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared

[2010/09/22 04:55:54 | 000,174,640 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS

[2010/09/22 04:55:51 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec

[2010/09/22 04:55:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton AntiVirus

[2010/09/21 09:11:28 | 000,000,000 | ---D | C] -- C:\Program Files\Creative

[2010/09/21 09:11:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Creative

[2010/09/21 09:11:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Creative Labs Shared

[2010/09/16 21:14:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Motive

[2010/09/16 21:09:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative

[2010/09/15 18:26:29 | 000,000,000 | ---D | C] -- C:\Windows\File & Folder List Maker

[2010/09/15 16:23:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2

[2010/09/15 10:20:49 | 000,000,000 | ---D | C] -- C:\Users\Em\AppData\Roaming\Tific

[2010/09/10 12:33:01 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations

[2010/09/10 11:54:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard

[2010/09/10 11:54:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP

[2010/09/09 08:24:56 | 000,000,000 | ---D | C] -- C:\Program Files\DivX

[2010/09/09 08:23:50 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX

[2010/09/07 00:09:24 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG

[2010/09/06 23:55:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft

[2010/09/06 23:55:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSN Toolbar

[2010/09/06 23:55:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight

[2010/09/06 23:53:14 | 000,235,008 | ---- | C] (Hewlett Packard Corporation) -- C:\Windows\SysWow64\hpzc35oe.dll

[2010/09/06 10:28:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint

[2010/08/31 00:18:37 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

[2010/08/26 15:59:52 | 000,016,896 | ---- | C] (ASUS) -- C:\Windows\AsTaskSched.dll

[2010/08/26 15:54:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Marvell

[2010/08/25 03:16:22 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR

[2010/08/24 12:34:56 | 000,000,000 | ---D | C] -- C:\Users\Em\AppData\Local\CrashDumps

[2010/08/22 22:30:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSTx64

[2010/08/22 22:30:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Safe Web Lite

[2010/08/22 22:30:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSTx64\0100010.008

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/10/19 08:54:08 | 000,034,560 | ---- | M] () -- C:\Windows\SysWow64\drivers\Normandy.sys

[2010/10/19 08:39:14 | 000,133,632 | ---- | M] () -- C:\Users\Em\Desktop\RKUnhookerLE.EXE

[2010/10/19 08:30:37 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Em\Desktop\OTL.exe

[2010/10/18 10:58:16 | 000,015,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2010/10/18 10:58:16 | 000,015,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2010/10/18 10:57:48 | 000,730,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2010/10/18 10:57:48 | 000,626,844 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2010/10/18 10:57:48 | 000,107,160 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2010/10/18 10:50:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/10/18 10:50:47 | 4293,431,294 | -HS- | M] () -- C:\hiberfil.sys

[2010/10/18 10:24:45 | 001,202,862 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1201000.025\Cat.DB

[2010/10/18 10:00:48 | 000,174,640 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS

[2010/10/18 10:00:48 | 000,007,440 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT

[2010/10/18 10:00:48 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF

[2010/10/18 09:58:58 | 000,001,940 | ---- | M] () -- C:\Users\Em\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

[2010/10/18 03:26:07 | 000,293,376 | ---- | M] () -- C:\Users\Em\Desktop\vu1l46fo.exe

[2010/10/18 03:21:06 | 000,544,768 | ---- | M] () -- C:\Users\Em\Desktop\dds.scr

[2010/10/18 03:18:42 | 000,050,477 | ---- | M] () -- C:\Users\Em\Desktop\Defogger.exe

[2010/10/18 01:30:29 | 000,001,017 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/10/14 03:18:55 | 000,168,288 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2010/10/06 01:02:09 | 000,016,384 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Windows\SysNative\drivers\EIO64.sys

[2010/10/03 11:51:33 | 000,001,101 | ---- | M] () -- C:\Users\Em\Desktop\Free Easy Burner.lnk

[2010/10/02 11:24:01 | 000,059,568 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat

[2010/09/28 04:36:08 | 000,007,606 | ---- | M] () -- C:\Users\Em\AppData\Local\resmon.resmoncfg

[2010/09/21 09:11:17 | 000,419,840 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll

[2010/09/21 09:11:17 | 000,413,696 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll

[2010/09/21 03:00:31 | 000,000,159 | RH-- | M] () -- C:\Windows\ctfile.rfc

[2010/09/19 22:20:10 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini

[2010/09/16 03:31:23 | 000,237,748 | ---- | M] () -- C:\Windows\hpwins20.dat.temp

[2010/09/06 10:28:13 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf

[2010/09/06 10:27:24 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf

[2010/08/26 15:59:52 | 000,016,896 | ---- | M] (ASUS) -- C:\Windows\AsTaskSched.dll

[2010/08/25 03:11:36 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01009.Wdf

[2010/08/17 02:21:53 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1201000.025\isolate.ini

[2010/08/04 14:08:49 | 000,030,406 | ---- | M] () -- C:\Windows\Ascd_tmp.ini

[2010/08/03 21:39:19 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01005.Wdf

[2010/08/03 21:36:03 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64k_01009.Wdf

[2010/07/28 23:33:05 | 000,821,808 | R--- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1201000.025\SymEFA64.sys

[2010/07/28 23:33:05 | 000,007,412 | R--- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1201000.025\SymEFA64.cat

[2010/07/28 23:33:05 | 000,003,373 | R--- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1201000.025\SymEFA.inf

[2010/07/28 22:54:37 | 000,715,824 | R--- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1201000.025\srtsp64.sys

[2010/07/28 22:54:37 | 000,040,496 | R--- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1201000.025\srtspx64.sys

[2010/07/28 22:54:37 | 000,007,414 | R--- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1201000.025\srtspx64.cat

[2010/07/28 22:54:37 | 000,001,422 | R--- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1201000.025\srtspx64.inf

[2010/07/28 22:54:36 | 000,007,410 | R--- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1201000.025\srtsp64.cat

[2010/07/28 22:54:36 | 000,001,438 | R--- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1201000.025\srtsp64.inf

[2010/07/28 09:56:28 | 000,001,678 | ---- | M] () -- C:\Windows\hpwmdl20.dat.temp

[2010/07/21 21:27:14 | 000,007,410 | R--- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1201000.025\symnet64.cat

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/19 08:38:16 | 000,034,560 | ---- | C] () -- C:\Windows\SysWow64\drivers\Normandy.sys

[2010/10/19 08:38:00 | 000,133,632 | ---- | C] () -- C:\Users\Em\Desktop\RKUnhookerLE.EXE

[2010/10/18 03:26:05 | 000,293,376 | ---- | C] () -- C:\Users\Em\Desktop\vu1l46fo.exe

[2010/10/18 03:21:04 | 000,544,768 | ---- | C] () -- C:\Users\Em\Desktop\dds.scr

[2010/10/18 03:18:42 | 000,050,477 | ---- | C] () -- C:\Users\Em\Desktop\Defogger.exe

[2010/10/18 01:30:29 | 000,001,017 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/10/14 17:43:29 | 000,001,940 | ---- | C] () -- C:\Users\Em\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

[2010/10/06 01:01:49 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\xvid.ax

[2010/10/06 01:01:49 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asrussian.dll

[2010/10/06 01:01:49 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\askorean.dll

[2010/10/06 01:01:49 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asjapan.dll

[2010/10/06 01:01:49 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asgerman.dll

[2010/10/06 01:01:49 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asfrench.dll

[2010/10/06 01:01:49 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\aseng.dll

[2010/10/06 01:01:49 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\ASCHT.dll

[2010/10/06 01:01:49 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\aschs.dll

[2010/10/06 01:01:49 | 000,010,766 | ---- | C] () -- C:\Windows\SysNative\asusgsb.cat

[2010/10/06 01:01:49 | 000,010,733 | ---- | C] () -- C:\Windows\SysNative\ATKDispLowFilter.cat

[2010/10/06 01:01:49 | 000,002,109 | ---- | C] () -- C:\Windows\SysNative\asusgsb.inf

[2010/10/06 01:01:49 | 000,001,849 | ---- | C] () -- C:\Windows\SysNative\ATKDispLowFilter.inf

[2010/10/06 01:01:48 | 000,761,856 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2010/10/06 01:01:48 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2010/10/06 01:01:48 | 000,002,963 | ---- | C] () -- C:\Windows\SysWow64\xvid.inf

[2010/10/03 11:51:33 | 000,044,544 | ---- | C] () -- C:\Windows\SysWow64\GIF89.DLL

[2010/10/03 11:51:33 | 000,001,101 | ---- | C] () -- C:\Users\Em\Desktop\Free Easy Burner.lnk

[2010/10/03 11:51:32 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll

[2010/09/22 04:55:54 | 000,007,440 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT

[2010/09/22 04:55:54 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF

[2010/09/19 22:23:17 | 000,008,897 | ---- | C] () -- C:\Windows\SysWow64\CTAPO64.cat

[2010/09/06 10:28:13 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf

[2010/09/06 10:27:24 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf

[2010/08/25 03:11:36 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01009.Wdf

[2010/08/22 22:30:35 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NSTx64\0100010.008\isolate.ini

[2010/08/03 21:39:19 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01005.Wdf

[2010/08/03 21:36:03 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64k_01009.Wdf

[2010/08/02 01:17:51 | 000,059,568 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat

[2010/05/27 03:53:14 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys

[2010/05/27 03:53:14 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys

[2010/05/20 14:45:41 | 000,747,070 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010/04/06 01:02:09 | 000,007,606 | ---- | C] () -- C:\Users\Em\AppData\Local\resmon.resmoncfg

[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[2010/03/15 01:51:36 | 000,003,348 | ---- | C] () -- C:\Windows\SysWow64\ludap17.ini

[2010/03/15 01:51:36 | 000,000,078 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini

[2010/03/11 21:33:23 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys

[2010/03/01 20:22:53 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI

[2010/02/28 11:24:49 | 000,068,987 | ---- | C] () -- C:\ProgramData\hpzinstall.log

[2010/02/27 14:58:24 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\Iyvu9_32.dll

[2010/02/27 14:56:49 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\APmpg4v1.dll

[2010/02/27 11:04:32 | 000,000,000 | ---- | C] () -- C:\Windows\winfile.ini

[2010/02/27 03:31:09 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll

[2010/02/27 03:31:09 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys

[2010/02/27 03:29:13 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini

[2010/02/27 03:29:10 | 000,030,406 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

[2010/02/27 02:17:03 | 000,166,912 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL

[2010/02/27 02:17:03 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL

[2009/08/03 19:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\SysWow64\OGACheckControl.DLL

[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009/04/02 08:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS

[2008/11/13 10:07:24 | 000,002,177 | ---- | C] () -- C:\Windows\P17EP.ini

[2008/01/14 21:47:06 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll

[2007/12/04 09:20:30 | 000,001,489 | ---- | C] () -- C:\Windows\P17EP51.ini

[2007/06/07 09:25:42 | 000,001,578 | ---- | C] () -- C:\Windows\P17EPLS.ini

[2004/01/27 08:13:54 | 000,421,888 | ---- | C] () -- C:\Windows\SysWow64\OpenQuicktimeLib.dll

[2004/01/27 08:13:14 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\libfaac.dll

========== LOP Check ==========

[2010/10/13 15:41:42 | 000,000,000 | ---D | M] -- C:\Users\Em\AppData\Roaming\FreeBurner

[2010/03/21 22:52:32 | 000,000,000 | ---D | M] -- C:\Users\Em\AppData\Roaming\GARMIN

[2010/02/27 08:52:25 | 000,000,000 | ---D | M] -- C:\Users\Em\AppData\Roaming\Qualcomm

[2010/07/01 16:19:56 | 000,000,000 | ---D | M] -- C:\Users\Em\AppData\Roaming\TechWizard

[2010/02/27 08:43:54 | 000,000,000 | ---D | M] -- C:\Users\Em\AppData\Roaming\Thunderbird

[2010/09/15 10:20:49 | 000,000,000 | ---D | M] -- C:\Users\Em\AppData\Roaming\Tific

[2010/02/27 11:19:27 | 000,000,000 | ---D | M] -- C:\Users\Em\AppData\Roaming\WeatherBug

[2010/10/18 02:14:33 | 000,032,572 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

OTL logfile created on: 10/19/2010 9:05:31 AM - Run 2

OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\Em\Desktop

64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

16.00 Gb Total Physical Memory | 14.00 Gb Available Physical Memory | 85.00% Memory free

32.00 Gb Paging File | 29.00 Gb Available in Paging File | 91.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 59.62 Gb Total Space | 10.48 Gb Free Space | 17.57% Space Free | Partition Type: NTFS

Drive D: | 931.51 Gb Total Space | 510.45 Gb Free Space | 54.80% Space Free | Partition Type: NTFS

Drive E: | 931.51 Gb Total Space | 801.51 Gb Free Space | 86.04% Space Free | Partition Type: NTFS

Computer Name: EM-PC | User Name: Em | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2010/10/19 08:30:37 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Em\Desktop\OTL.exe

PRC - [2010/10/13 08:57:50 | 003,238,488 | ---- | M] (mIRC Co. Ltd.) -- C:\mIRC\mirc.exe

PRC - [2010/09/01 02:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

PRC - [2010/07/23 01:05:56 | 000,126,904 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe

PRC - [2010/05/23 01:39:05 | 000,126,904 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.0.1.8\ccSvcHst.exe

PRC - [2010/04/27 16:39:38 | 000,243,544 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe

PRC - [2010/03/03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2010/03/03 20:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

PRC - [2010/01/19 20:43:02 | 001,060,992 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\TurboV EVO\TurboVHelp.exe

PRC - [2009/10/26 17:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe

PRC - [2009/10/26 17:15:56 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe

PRC - [2009/08/19 16:44:56 | 000,603,136 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe

PRC - [2009/08/19 07:56:38 | 000,090,112 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe

PRC - [2009/08/06 08:55:22 | 000,030,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe

PRC - [2009/07/27 11:13:28 | 000,061,440 | ---- | M] () -- C:\Windows\SysWOW64\ASDR.exe

PRC - [2008/11/18 13:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

PRC - [2006/10/03 16:15:44 | 002,658,304 | ---- | M] (QUALCOMM Incorporated) -- C:\Program Files (x86)Eudora\Eudora.exe

========== Modules (SafeList) ==========

MOD - [2010/10/19 08:30:37 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Em\Desktop\OTL.exe

MOD - [2010/08/21 01:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll

MOD - [2009/07/13 21:15:31 | 000,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imagehlp.dll

MOD - [2009/07/13 21:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/02/26 03:07:54 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2009/12/01 14:22:58 | 000,063,488 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- C:\Windows\SysNative\ATKFUSService.exe -- (ATKFUSService)

SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2010/09/21 09:11:16 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)

SRV - [2010/07/23 01:05:56 | 000,126,904 | R--- | M] (Symantec Corporation) [unknown | Running] -- C:\Program Files (x86)\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe -- (NAV)

SRV - [2010/05/23 01:39:05 | 000,126,904 | R--- | M] (Symantec Corporation) [unknown | Running] -- C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.0.1.8\ccSvcHst.exe -- (NSL)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/03/03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®

SRV - [2009/10/26 17:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)

SRV - [2009/08/19 07:56:38 | 000,090,112 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)

SRV - [2009/08/06 08:55:22 | 000,030,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe -- (XTUService) Intel®

SRV - [2009/07/27 11:13:28 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\ASDR.exe -- (ASDR)

SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2008/11/18 13:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)

========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\vmnetadapter.sys -- (VMnetAdapter)

DRV:64bit: - [2010/10/18 10:00:48 | 000,174,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)

DRV:64bit: - [2010/10/17 15:11:12 | 000,711,712 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)

DRV:64bit: - [2010/10/17 15:11:12 | 000,081,952 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\tifsfilt.sys -- (tifsfilter)

DRV:64bit: - [2010/10/06 01:02:09 | 000,016,384 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EIO64.sys -- (EIO64)

DRV:64bit: - [2010/08/10 17:29:14 | 000,120,920 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)

DRV:64bit: - [2010/07/28 23:33:05 | 000,821,808 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1201000.025\SymEFA64.sys -- (SymEFA)

DRV:64bit: - [2010/07/28 22:54:37 | 000,715,824 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NAVx64\1201000.025\srtsp64.sys -- (SRTSP)

DRV:64bit: - [2010/07/28 22:54:37 | 000,040,496 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1201000.025\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)

DRV:64bit: - [2010/07/21 16:59:28 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)

DRV:64bit: - [2010/07/12 21:20:22 | 000,381,488 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1201000.025\symnets.sys -- (SymNetS)

DRV:64bit: - [2010/07/01 17:52:18 | 000,051,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)

DRV:64bit: - [2010/06/30 22:01:38 | 000,293,416 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)

DRV:64bit: - [2010/06/30 00:10:58 | 000,023,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)

DRV:64bit: - [2010/06/27 00:05:55 | 000,168,496 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1201000.025\Ironx64.sys -- (SymIRON)

DRV:64bit: - [2010/06/23 09:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2010/06/13 06:50:57 | 000,450,096 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1201000.025\SymDS64.sys -- (SymDS)

DRV:64bit: - [2010/03/03 19:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2010/02/26 03:22:38 | 006,369,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2010/02/26 03:22:38 | 006,369,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)

DRV:64bit: - [2010/02/26 02:12:10 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2010/01/28 18:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV:64bit: - [2010/01/18 20:40:26 | 000,004,608 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rcmirror.sys -- (rcmirror)

DRV:64bit: - [2009/10/27 03:19:48 | 000,176,640 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)

DRV:64bit: - [2009/10/27 03:19:46 | 000,075,264 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)

DRV:64bit: - [2009/10/16 10:44:56 | 001,309,696 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\P17.sys -- (P17)

DRV:64bit: - [2009/09/17 19:04:18 | 001,250,816 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)

DRV:64bit: - [2009/07/15 23:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)

DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)

DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/13 15:31:02 | 000,063,616 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\intelsmb.sys -- (smbusp) Intel®

DRV:64bit: - [2009/02/17 18:22:22 | 000,039,424 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATKDispLowFilter.sys -- (atkdisplf)

DRV:64bit: - [2009/02/17 18:22:22 | 000,017,792 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asusgsb.sys -- (asusgsb)

DRV - [2010/10/17 01:00:00 | 001,804,336 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20101018.054\EX64.SYS -- (NAVEX15)

DRV - [2010/10/17 01:00:00 | 000,117,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20101018.054\ENG64.SYS -- (NAVENG)

DRV - [2010/10/13 15:59:27 | 000,476,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20101015.005\IDSviA64.sys -- (IDSVia64)

DRV - [2010/09/22 04:57:47 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)

DRV - [2010/09/22 04:57:47 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2010/08/31 18:57:03 | 000,954,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20101001.001\BHDrvx64.sys -- (BHDrvx64)

DRV - [2010/03/17 16:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)

DRV - [2010/03/17 16:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)

DRV - [2009/12/18 10:58:52 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)

DRV - [2009/07/09 10:53:00 | 000,027,096 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\ProgramData\Intel\Extreme Tuning Utility\IOCbios\64bit\iOCbios.sys -- (IOCBIOS)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1222173880-4280229480-1958654446-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/

IE - HKU\S-1-5-21-1222173880-4280229480-1958654446-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKU\S-1-5-21-1222173880-4280229480-1958654446-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 BF 22 43 34 C9 CA 01 [binary data]

IE - HKU\S-1-5-21-1222173880-4280229480-1958654446-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.foxnews.com/

IE - HKU\S-1-5-21-1222173880-4280229480-1958654446-1001\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files (x86)\Search Toolbar\tbhelper.dll ()

IE - HKU\S-1-5-21-1222173880-4280229480-1958654446-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{203FB6B2-2E1E-4474-863B-4C483ECCE78E}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_1.0.1.8\coFFNST\ [2010/08/22 22:30:43 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\Firefox

FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/09/15 16:25:02 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPlgn\ [2010/10/18 10:25:28 | 000,000,000 | ---D | M]

[2010/06/13 07:10:52 | 000,000,000 | ---D | M] -- C:\Users\Em\AppData\Roaming\Mozilla\Extensions

[2010/02/27 08:43:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Em\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\18.1.0.37\IPSBHO.dll (Symantec Corporation)

O2 - BHO: (no name) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - Reg Error: Value error. File not found

O2 - BHO: (Norton Safe Web Lite BHO) - {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.0.1.8\CoIEPlg.dll (Symantec Corporation)

O2 - BHO: (TBSB05974 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Search Toolbar\tbcore3.dll ()

O3 - HKLM\..\Toolbar: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files (x86)\Search Toolbar\tbcore3.dll ()

O3 - HKLM\..\Toolbar: (Norton Safe Web Lite) - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.0.1.8\CoIEPlg.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (no name) - {8dcb7100-df86-4384-8842-8fa844297b3f} - Reg Error: Value error. File not found

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-1222173880-4280229480-1958654446-1001\..\Toolbar\WebBrowser: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files (x86)\Search Toolbar\tbcore3.dll ()

O3 - HKU\S-1-5-21-1222173880-4280229480-1958654446-1001\..\Toolbar\WebBrowser: (Norton Safe Web Lite) - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.0.1.8\CoIEPlg.dll (Symantec Corporation)

O4 - HKLM..\Run: [bCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)

O4 - HKLM..\Run: [bing Bar] C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe (Microsoft Corp.)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)

O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()

O4 - HKLM..\Run: [P17RunE] C:\Windows\SysWow64\P17RunE.dll (Creative Technology Ltd.)

O4 - HKLM..\Run: [QFan Help] C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe (ASUSTeK Computer Inc.)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKU\S-1-5-21-1222173880-4280229480-1958654446-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab (Reg Error: Key error.)

O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/...s/wlscctrl2.cab (Windows Live OneCare safety scanner control)

O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/inst...tDetection2.cab (Reg Error: Key error.)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: vzTCPConfig http://my.verizon.com/micro/speedoptimizer...vzTCPConfig.CAB (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\Program Files (x86)Eudora\EuShlExt.dll (Qualcomm Inc.)

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{faebca53-c052-11df-ac6c-806e6f6e6963}\Shell - "" = AutoRun

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/10/19 08:30:36 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\Em\Desktop\OTL.exe

[2010/10/18 01:30:37 | 000,000,000 | ---D | C] -- C:\Users\Em\AppData\Roaming\Malwarebytes

[2010/10/18 01:30:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2010/10/18 01:30:26 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2010/10/18 01:30:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2010/10/18 01:30:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010/10/17 15:11:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Seagate

[2010/10/06 01:20:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe

[2010/10/06 01:02:09 | 000,016,384 | ---- | C] (ASUSTeK Computer Inc.) -- C:\Windows\SysNative\drivers\EIO64.sys

[2010/10/06 01:01:49 | 005,473,280 | ---- | C] (ASUSTeK COMPUTER INC.) -- C:\Windows\SysNative\ATKOSDX64.dll

[2010/10/06 01:01:49 | 005,463,552 | ---- | C] (ASUSTeK COMPUTER INC.) -- C:\Windows\SysWow64\ATKOSDX32.dll

[2010/10/06 01:01:49 | 002,210,304 | ---- | C] (ASUSTeK COMPUTER INC.) -- C:\Windows\SysNative\ATKDispCPL.dll

[2010/10/06 01:01:49 | 001,354,240 | ---- | C] (ASUSTeK Computer Inc.) -- C:\Windows\SysNative\atklumdispx.dll

[2010/10/06 01:01:49 | 000,150,528 | ---- | C] (ASUSTeK Computer Inc.) -- C:\Windows\SysNative\atkdxtdispx.dll

[2010/10/06 01:01:49 | 000,102,400 | ---- | C] (ASUSTeK Computer Inc.) -- C:\Windows\SysWow64\NetVideo_SBS.ax

[2010/10/06 01:01:49 | 000,063,488 | ---- | C] (ASUSTeK COMPUTER INC.) -- C:\Windows\SysNative\ATKFUSService.exe

[2010/10/06 01:01:49 | 000,039,424 | ---- | C] (ASUSTeK Computer Inc.) -- C:\Windows\SysNative\ATKDispLowFilter.sys

[2010/10/06 01:01:49 | 000,017,792 | ---- | C] (ASUSTeK Computer Inc.) -- C:\Windows\SysNative\asusgsb.sys

[2010/10/06 01:01:49 | 000,016,896 | ---- | C] (ASUSTeK COMPUTER INC.) -- C:\Windows\SysNative\ATKOGL64.dll

[2010/10/06 01:01:49 | 000,015,360 | ---- | C] (ASUSTeK COMPUTER INC.) -- C:\Windows\SysWow64\ATKOGL32.dll

[2010/10/06 01:01:49 | 000,000,000 | ---D | C] -- C:\Program Files\ASUS

[2010/10/06 01:01:48 | 001,335,808 | ---- | C] (ASUSTeK Computer Inc.) -- C:\Windows\SysWow64\ATKLUMDISP.dll

[2010/10/06 01:01:48 | 000,134,144 | ---- | C] (ASUSTeK Computer Inc.) -- C:\Windows\SysWow64\atkdxtdisp.dll

[2010/10/06 01:01:48 | 000,102,400 | ---- | C] (ASMedia Techonology) -- C:\Windows\ASMT_CE.dll

[2010/10/06 01:01:48 | 000,071,680 | ---- | C] (ASMedia Technology) -- C:\Windows\i2c.dll

[2010/10/06 01:01:48 | 000,069,632 | ---- | C] (ASMedia Technology) -- C:\Windows\i2c_i.dll

[2010/10/06 01:01:48 | 000,068,608 | ---- | C] (ASMedia Technology) -- C:\Windows\nVGA_i2c.dll

[2010/10/03 11:51:33 | 000,200,704 | ---- | C] (vbAccelerator) -- C:\Windows\SysWow64\vbalExpBar6.ocx

[2010/10/03 11:51:33 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\Windows\SysWow64\SSubTmr6.dll

[2010/10/03 11:51:32 | 000,000,000 | ---D | C] -- C:\Users\Em\AppData\Roaming\FreeBurner

[2010/10/03 11:51:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Easy Burner

[2010/10/02 04:51:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliType Pro

[2010/10/02 04:51:58 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH

[2010/09/28 03:48:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live Safety Center

[2010/09/27 18:05:21 | 000,000,000 | ---D | C] -- C:\ProgramData\EPU

[2010/09/25 03:23:08 | 000,000,000 | ---D | C] -- C:\Users\Em\AppData\Roaming\Intel Corporation

[2010/09/25 02:13:31 | 000,000,000 | ---D | C] -- C:\RaidTool

[2010/09/22 06:20:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared

[2010/09/22 04:55:54 | 000,174,640 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS

[2010/09/22 04:55:51 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec

[2010/09/22 04:55:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton AntiVirus

[2010/09/21 09:11:28 | 000,000,000 | ---D | C] -- C:\Program Files\Creative

[2010/09/21 09:11:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Creative

[2010/09/21 09:11:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Creative Labs Shared

[2010/09/16 21:14:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Motive

[2010/09/16 21:09:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative

[2010/09/15 18:26:29 | 000,000,000 | ---D | C] -- C:\Windows\File & Folder List Maker

[2010/09/15 16:23:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2

[2010/09/15 10:20:49 | 000,000,000 | ---D | C] -- C:\Users\Em\AppData\Roaming\Tific

[2010/09/10 12:33:01 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations

[2010/09/10 11:54:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard

[2010/09/10 11:54:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP

[2010/09/09 08:24:56 | 000,000,000 | ---D | C] -- C:\Program Files\DivX

[2010/09/09 08:23:50 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX

[2010/09/07 00:09:24 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG

[2010/09/06 23:55:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft

[2010/09/06 23:55:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSN Toolbar

[2010/09/06 23:55:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight

[2010/09/06 23:53:14 | 000,235,008 | ---- | C] (Hewlett Packard Corporation) -- C:\Windows\SysWow64\hpzc35oe.dll

[2010/09/06 10:28:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint

[2010/08/31 00:18:37 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

[2010/08/26 15:59:52 | 000,016,896 | ---- | C] (ASUS) -- C:\Windows\AsTaskSched.dll

[2010/08/26 15:54:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Marvell

[2010/08/25 03:16:22 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR

[2010/08/24 12:34:56 | 000,000,000 | ---D | C] -- C:\Users\Em\AppData\Local\CrashDumps

[2010/08/22 22:30:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSTx64

[2010/08/22 22:30:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Safe Web Lite

[2010/08/22 22:30:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSTx64\0100010.008

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/10/19 08:54:08 | 000,034,560 | ---- | M] () -- C:\Windows\SysWow64\drivers\Normandy.sys

[2010/10/19 08:39:14 | 000,133,632 | ---- | M] () -- C:\Users\Em\Desktop\RKUnhookerLE.EXE

[2010/10/19 08:30:37 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Em\Desktop\OTL.exe

[2010/10/18 10:58:16 | 000,015,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2010/10/18 10:58:16 | 000,015,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2010/10/18 10:57:48 | 000,730,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2010/10/18 10:57:48 | 000,626,844 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2010/10/18 10:57:48 | 000,107,160 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2010/10/18 10:50:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/10/18 10:50:47 | 4293,431,294 | -HS- | M] () -- C:\hiberfil.sys

[2010/10/18 10:24:45 | 001,202,862 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1201000.025\Cat.DB

[2010/10/18 10:00:48 | 000,174,640 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS

[2010/10/18 10:00:48 | 000,007,440 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT

[2010/10/18 10:00:48 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF

[2010/10/18 09:58:58 | 000,001,940 | ---- | M] () -- C:\Users\Em\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

[2010/10/18 03:26:07 | 000,293,376 | ---- | M] () -- C:\Users\Em\Desktop\vu1l46fo.exe

[2010/10/18 03:21:06 | 000,544,768 | ---- | M] () -- C:\Users\Em\Desktop\dds.scr

[2010/10/18 03:18:42 | 000,050,477 | ---- | M] () -- C:\Users\Em\Desktop\Defogger.exe

[2010/10/18 01:30:29 | 000,001,017 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/10/14 03:18:55 | 000,168,288 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2010/10/06 01:02:09 | 000,016,384 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Windows\SysNative\drivers\EIO64.sys

[2010/10/03 11:51:33 | 000,001,101 | ---- | M] () -- C:\Users\Em\Desktop\Free Easy Burner.lnk

[2010/10/02 11:24:01 | 000,059,568 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat

[2010/09/28 04:36:08 | 000,007,606 | ---- | M] () -- C:\Users\Em\AppData\Local\resmon.resmoncfg

[2010/09/21 09:11:17 | 000,419,840 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll

[2010/09/21 09:11:17 | 000,413,696 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll

[2010/09/21 03:00:31 | 000,000,159 | RH-- | M] () -- C:\Windows\ctfile.rfc

[2010/09/19 22:20:10 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini

[2010/09/16 03:31:23 | 000,237,748 | ---- | M] () -- C:\Windows\hpwins20.dat.temp

[2010/09/06 10:28:13 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf

[2010/09/06 10:27:24 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf

[2010/08/26 15:59:52 | 000,016,896 | ---- | M] (ASUS) -- C:\Windows\AsTaskSched.dll

[2010/08/25 03:11:36 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01009.Wdf

[2010/08/17 02:21:53 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1201000.025\isolate.ini

[2010/08/04 14:08:49 | 000,030,406 | ---- | M] () -- C:\Windows\Ascd_tmp.ini

[2010/08/03 21:39:19 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01005.Wdf

[2010/08/03 21:36:03 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64k_01009.Wdf

[2010/07/28 23:33:05 | 000,821,808 | R--- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1201000.025\SymEFA64.sys

[2010/07/28 23:33:05 | 000,007,412 | R--- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1201000.025\SymEFA64.cat

[2010/07/28 23:33:05 | 000,003,373 | R--- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1201000.025\SymEFA.inf

[2010/07/28 22:54:37 | 000,715,824 | R--- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1201000.025\srtsp64.sys

[2010/07/28 22:54:37 | 000,040,496 | R--- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1201000.025\srtspx64.sys

[2010/07/28 22:54:37 | 000,007,414 | R--- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1201000.025\srtspx64.cat

[2010/07/28 22:54:37 | 000,001,422 | R--- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1201000.025\srtspx64.inf

[2010/07/28 22:54:36 | 000,007,410 | R--- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1201000.025\srtsp64.cat

[2010/07/28 22:54:36 | 000,001,438 | R--- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1201000.025\srtsp64.inf

[2010/07/28 09:56:28 | 000,001,678 | ---- | M] () -- C:\Windows\hpwmdl20.dat.temp

[2010/07/21 21:27:14 | 000,007,410 | R--- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1201000.025\symnet64.cat

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/19 08:38:16 | 000,034,560 | ---- | C] () -- C:\Windows\SysWow64\drivers\Normandy.sys

[2010/10/19 08:38:00 | 000,133,632 | ---- | C] () -- C:\Users\Em\Desktop\RKUnhookerLE.EXE

[2010/10/18 03:26:05 | 000,293,376 | ---- | C] () -- C:\Users\Em\Desktop\vu1l46fo.exe

[2010/10/18 03:21:04 | 000,544,768 | ---- | C] () -- C:\Users\Em\Desktop\dds.scr

[2010/10/18 03:18:42 | 000,050,477 | ---- | C] () -- C:\Users\Em\Desktop\Defogger.exe

[2010/10/18 01:30:29 | 000,001,017 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/10/14 17:43:29 | 000,001,940 | ---- | C] () -- C:\Users\Em\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

[2010/10/06 01:01:49 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\xvid.ax

[2010/10/06 01:01:49 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asrussian.dll

[2010/10/06 01:01:49 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\askorean.dll

[2010/10/06 01:01:49 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asjapan.dll

[2010/10/06 01:01:49 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asgerman.dll

[2010/10/06 01:01:49 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asfrench.dll

[2010/10/06 01:01:49 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\aseng.dll

[2010/10/06 01:01:49 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\ASCHT.dll

[2010/10/06 01:01:49 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\aschs.dll

[2010/10/06 01:01:49 | 000,010,766 | ---- | C] () -- C:\Windows\SysNative\asusgsb.cat

[2010/10/06 01:01:49 | 000,010,733 | ---- | C] () -- C:\Windows\SysNative\ATKDispLowFilter.cat

[2010/10/06 01:01:49 | 000,002,109 | ---- | C] () -- C:\Windows\SysNative\asusgsb.inf

[2010/10/06 01:01:49 | 000,001,849 | ---- | C] () -- C:\Windows\SysNative\ATKDispLowFilter.inf

[2010/10/06 01:01:48 | 000,761,856 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2010/10/06 01:01:48 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2010/10/06 01:01:48 | 000,002,963 | ---- | C] () -- C:\Windows\SysWow64\xvid.inf

[2010/10/03 11:51:33 | 000,044,544 | ---- | C] () -- C:\Windows\SysWow64\GIF89.DLL

[2010/10/03 11:51:33 | 000,001,101 | ---- | C] () -- C:\Users\Em\Desktop\Free Easy Burner.lnk

[2010/10/03 11:51:32 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll

[2010/09/22 04:55:54 | 000,007,440 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT

[2010/09/22 04:55:54 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF

[2010/09/19 22:23:17 | 000,008,897 | ---- | C] () -- C:\Windows\SysWow64\CTAPO64.cat

[2010/09/06 10:28:13 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf

[2010/09/06 10:27:24 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf

[2010/08/25 03:11:36 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01009.Wdf

[2010/08/22 22:30:35 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NSTx64\0100010.008\isolate.ini

[2010/08/03 21:39:19 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01005.Wdf

[2010/08/03 21:36:03 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64k_01009.Wdf

[2010/08/02 01:17:51 | 000,059,568 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat

[2010/05/27 03:53:14 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys

[2010/05/27 03:53:14 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys

[2010/05/20 14:45:41 | 000,747,070 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010/04/06 01:02:09 | 000,007,606 | ---- | C] () -- C:\Users\Em\AppData\Local\resmon.resmoncfg

[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[2010/03/15 01:51:36 | 000,003,348 | ---- | C] () -- C:\Windows\SysWow64\ludap17.ini

[2010/03/15 01:51:36 | 000,000,078 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini

[2010/03/11 21:33:23 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys

[2010/03/01 20:22:53 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI

[2010/02/28 11:24:49 | 000,068,987 | ---- | C] () -- C:\ProgramData\hpzinstall.log

[2010/02/27 14:58:24 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\Iyvu9_32.dll

[2010/02/27 14:56:49 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\APmpg4v1.dll

[2010/02/27 11:04:32 | 000,000,000 | ---- | C] () -- C:\Windows\winfile.ini

[2010/02/27 03:31:09 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll

[2010/02/27 03:31:09 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys

[2010/02/27 03:29:13 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini

[2010/02/27 03:29:10 | 000,030,406 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

[2010/02/27 02:17:03 | 000,166,912 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL

[2010/02/27 02:17:03 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL

[2009/08/03 19:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\SysWow64\OGACheckControl.DLL

[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009/04/02 08:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS

[2008/11/13 10:07:24 | 000,002,177 | ---- | C] () -- C:\Windows\P17EP.ini

[2008/01/14 21:47:06 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll

[2007/12/04 09:20:30 | 000,001,489 | ---- | C] () -- C:\Windows\P17EP51.ini

[2007/06/07 09:25:42 | 000,001,578 | ---- | C] () -- C:\Windows\P17EPLS.ini

[2004/01/27 08:13:54 | 000,421,888 | ---- | C] () -- C:\Windows\SysWow64\OpenQuicktimeLib.dll

[2004/01/27 08:13:14 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\libfaac.dll

========== LOP Check ==========

[2010/10/13 15:41:42 | 000,000,000 | ---D | M] -- C:\Users\Em\AppData\Roaming\FreeBurner

[2010/03/21 22:52:32 | 000,000,000 | ---D | M] -- C:\Users\Em\AppData\Roaming\GARMIN

[2010/02/27 08:52:25 | 000,000,000 | ---D | M] -- C:\Users\Em\AppData\Roaming\Qualcomm

[2010/07/01 16:19:56 | 000,000,000 | ---D | M] -- C:\Users\Em\AppData\Roaming\TechWizard

[2010/02/27 08:43:54 | 000,000,000 | ---D | M] -- C:\Users\Em\AppData\Roaming\Thunderbird

[2010/09/15 10:20:49 | 000,000,000 | ---D | M] -- C:\Users\Em\AppData\Roaming\Tific

[2010/02/27 11:19:27 | 000,000,000 | ---D | M] -- C:\Users\Em\AppData\Roaming\WeatherBug

[2010/10/18 02:14:33 | 000,032,572 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >


Hi again, although Tidserv isn't very common on 64-bit systems, let's first check for that.

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.

Link 1
Link 2
Link 3

  • Double-click on MBRCheck.exe to run it. Vista/Windows 7 users right-click and select Run As Administrator.
  • It will open a black screen with some data on it...please do not fix anything (if it gives you an option).
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will be created on the desktop.
  • Copy and paste the contents of that log in your next reply.


MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows 7 Professional

Windows Information: (build 7600), 64-bit

Base Board Manufacturer: ASUSTeK Computer INC.

BIOS Manufacturer: American Megatrends Inc.

System Manufacturer: System manufacturer

System Product Name: System Product Name

Logical Drives Mask: 0x0000007c

Kernel Drivers (total 220):


Processes (total 63):

0 System Idle Process

4 System

376 C:\Windows\System32\smss.exe

480 csrss.exe

544 C:\Windows\System32\wininit.exe

560 csrss.exe

608 C:\Windows\System32\services.exe

624 C:\Windows\System32\lsass.exe

632 C:\Windows\System32\lsm.exe

768 C:\Windows\System32\svchost.exe

792 C:\Windows\System32\winlogon.exe

888 C:\Windows\System32\ATKFUSService.exe

936 C:\Windows\System32\svchost.exe

996 C:\Windows\System32\atiesrxx.exe

388 C:\Windows\System32\svchost.exe

428 C:\Windows\System32\svchost.exe

840 C:\Windows\System32\svchost.exe

1104 C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

1156 C:\Windows\System32\svchost.exe

1272 C:\Windows\System32\svchost.exe

1360 C:\Windows\System32\atieclxx.exe

1472 C:\Windows\System32\spoolsv.exe

1516 C:\Windows\System32\svchost.exe

1596 C:\Windows\SysWOW64\ASDR.exe

1648 C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe

1692 C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe

1748 C:\Windows\System32\taskhost.exe

1756 C:\Program Files\ASUS\GamerOSD\ATKFastUserSwitching.exe

1796 C:\Windows\System32\taskeng.exe

1904 C:\Windows\System32\svchost.exe

1376 C:\Windows\System32\dwm.exe

444 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

1260 C:\Program Files (x86)\ASUS\TurboV EVO\TurboVHelp.exe

2080 C:\Windows\explorer.exe

2156 C:\Program Files (x86)\Common Files\Motive\McciCMService.exe

2220 C:\Program Files (x86)\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe

2360 C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe

2368 C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe

2384 C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe

2408 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

2416 C:\Windows\SysWOW64\rundll32.exe

2432 C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

2472 C:\Windows\System32\svchost.exe

2812 C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.0.1.8\ccSvcHst.exe

2992 C:\Windows\System32\svchost.exe

3040 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

2264 C:\Windows\System32\svchost.exe

2584 C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe

3184 C:\Program Files (x86)\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe

3576 WmiPrvSE.exe

3964 C:\Windows\System32\SearchIndexer.exe

2912 C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

5024 C:\Program Files\Windows Media Player\wmpnetwk.exe

1440 C:\Windows\servicing\TrustedInstaller.exe

4680 C:\Windows\System32\audiodg.exe

4548 C:\Program Files (x86)\Internet Explorer\iexplore.exe

4444 C:\Program Files (x86)\Internet Explorer\iexplore.exe

2444 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe

2332 C:\Windows\System32\SearchProtocolHost.exe

2300 C:\Windows\System32\SearchFilterHost.exe

2512 C:\Program Files (x86)\Internet Explorer\iexplore.exe

1444 C:\Users\Em\Desktop\MBRCheck.exe

736 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

\\.\D: --> \\.\PhysicalDrive2 at offset 0x00000000`00100000 (NTFS)

\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive0 Model Number: KINGSTONSNV425S264GB, Rev: C091126a

PhysicalDrive2 Model Number: HitachiHDS721010CLA332, Rev: JP4OA39C

PhysicalDrive1 Model Number: WDCWD10EARS-00Y5B1, Rev: 80.00A80

Size Device Name MBR Status

--------------------------------------------

59 GB \\.\PhysicalDrive0 MBR Code Faked!

SHA1: 1BB72AA843C54C64E74C9F6C9BD22FA2AFA08966

931 GB \\.\PhysicalDrive2 Windows 7 MBR code detected

SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

931 GB \\.\PhysicalDrive1 Windows 7 MBR code detected

SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:


Hello again, that does indeed point toward an infected MBR.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip, which appears to be an older version 2.3.2.2 of the tool.

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows 7 Professional

Windows Information: (build 7600), 64-bit

Base Board Manufacturer: ASUSTeK Computer INC.

BIOS Manufacturer: American Megatrends Inc.

System Manufacturer: System manufacturer

System Product Name: System Product Name

Logical Drives Mask: 0x0000007c

Kernel Drivers (total 220):

0x02E59000 \SystemRoot\system32\ntoskrnl.exe

0x02E10000 \SystemRoot\system32\hal.dll

0x00BC4000 \SystemRoot\system32\kdcom.dll

0x00C86000 \SystemRoot\system32\mcupdate_GenuineIntel.dll

0x00CCA000 \SystemRoot\system32\PSHED.dll

0x00CDE000 \SystemRoot\system32\CLFS.SYS

0x00D3C000 \SystemRoot\system32\CI.dll

0x00E15000 \SystemRoot\system32\drivers\Wdf01000.sys

0x00EB9000 \SystemRoot\system32\drivers\WDFLDR.SYS

0x00EC8000 \SystemRoot\system32\DRIVERS\ACPI.sys

0x00F1F000 \SystemRoot\system32\DRIVERS\WMILIB.SYS

0x00F28000 \SystemRoot\system32\DRIVERS\msisadrv.sys

0x00F32000 \SystemRoot\system32\DRIVERS\pci.sys

0x00F65000 \SystemRoot\system32\DRIVERS\vdrvroot.sys

0x00F72000 \SystemRoot\System32\drivers\partmgr.sys

0x00F87000 \SystemRoot\system32\DRIVERS\volmgr.sys

0x00F9C000 \SystemRoot\System32\drivers\volmgrx.sys

0x00FF8000 \SystemRoot\system32\DRIVERS\pciide.sys

0x00E00000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS

0x00C00000 \SystemRoot\system32\DRIVERS\jraid.sys

0x00C21000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS

0x00C50000 \SystemRoot\System32\drivers\mountmgr.sys

0x010E5000 \SystemRoot\system32\DRIVERS\iaStor.sys

0x012EF000 \SystemRoot\system32\DRIVERS\atapi.sys

0x012F8000 \SystemRoot\system32\DRIVERS\ataport.SYS

0x01322000 \SystemRoot\system32\DRIVERS\msahci.sys

0x0132D000 \SystemRoot\system32\DRIVERS\mv91xx.sys

0x013B9000 \SystemRoot\system32\DRIVERS\mvxxmm.sys

0x013C1000 \SystemRoot\system32\DRIVERS\amdxata.sys

0x01000000 \SystemRoot\system32\drivers\fltmgr.sys

0x0104C000 \SystemRoot\system32\drivers\NAVx64\1201000.025\SYMDS64.SYS

0x010BD000 \SystemRoot\system32\drivers\fileinfo.sys

0x01453000 \SystemRoot\system32\drivers\NAVx64\1201000.025\SYMEFA64.SYS

0x0164C000 \SystemRoot\System32\Drivers\Ntfs.sys

0x01521000 \SystemRoot\System32\Drivers\msrpc.sys

0x01600000 \SystemRoot\System32\Drivers\ksecdd.sys

0x0157F000 \SystemRoot\System32\Drivers\cng.sys

0x0161A000 \SystemRoot\System32\drivers\pcw.sys

0x0162B000 \SystemRoot\System32\Drivers\Fs_Rec.sys

0x01815000 \SystemRoot\system32\drivers\ndis.sys

0x01907000 \SystemRoot\system32\drivers\NETIO.SYS

0x01967000 \SystemRoot\System32\Drivers\ksecpkg.sys

0x01A02000 \SystemRoot\System32\drivers\tcpip.sys

0x01992000 \SystemRoot\System32\drivers\fwpkclnt.sys

0x01CD0000 \SystemRoot\system32\DRIVERS\timntr.sys

0x01D80000 \SystemRoot\system32\DRIVERS\vmstorfl.sys

0x01D90000 \SystemRoot\system32\DRIVERS\volsnap.sys

0x01DDC000 \SystemRoot\System32\Drivers\spldr.sys

0x01C00000 \SystemRoot\System32\drivers\rdyboost.sys

0x01C3A000 \SystemRoot\System32\Drivers\mup.sys

0x01C4C000 \SystemRoot\System32\drivers\hwpolicy.sys

0x01C55000 \SystemRoot\System32\DRIVERS\fvevol.sys

0x01C8F000 \SystemRoot\system32\DRIVERS\disk.sys

0x01400000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS

0x05C9A000 \SystemRoot\system32\DRIVERS\cdrom.sys

0x05CC4000 \SystemRoot\System32\Drivers\Null.SYS

0x05CCD000 \SystemRoot\System32\Drivers\Beep.SYS

0x05CD4000 \SystemRoot\System32\drivers\vga.sys

0x05CE2000 \SystemRoot\System32\drivers\VIDEOPRT.SYS

0x05D07000 \SystemRoot\System32\drivers\watchdog.sys

0x05D17000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0x05D20000 \SystemRoot\system32\drivers\rdpencdd.sys

0x05D29000 \SystemRoot\system32\drivers\rdprefmp.sys

0x05D32000 \SystemRoot\System32\Drivers\Msfs.SYS

0x05D3D000 \SystemRoot\System32\Drivers\Npfs.SYS

0x05D4E000 \SystemRoot\system32\DRIVERS\tdx.sys

0x05D6C000 \SystemRoot\system32\DRIVERS\TDI.SYS

0x040A3000 \SystemRoot\system32\drivers\afd.sys

0x0412D000 \SystemRoot\System32\DRIVERS\netbt.sys

0x04172000 \SystemRoot\system32\DRIVERS\wfplwf.sys

0x0417B000 \SystemRoot\system32\DRIVERS\pacer.sys

0x041A1000 \SystemRoot\system32\DRIVERS\netbios.sys

0x041B0000 \SystemRoot\system32\DRIVERS\serial.sys

0x041CD000 \SystemRoot\system32\DRIVERS\wanarp.sys

0x041E8000 \SystemRoot\system32\DRIVERS\termdd.sys

0x04000000 \SystemRoot\system32\drivers\NAVx64\1201000.025\SYMNETS.SYS

0x04066000 \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS

0x05D79000 \SystemRoot\system32\drivers\NAVx64\1201000.025\Ironx64.SYS

0x05DA5000 \SystemRoot\system32\drivers\NAVx64\1201000.025\SRTSPX64.SYS

0x05A00000 \SystemRoot\system32\DRIVERS\rdbss.sys

0x05A51000 \SystemRoot\system32\drivers\nsiproxy.sys

0x05A5D000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0x04465000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20101015.005\IDSvia64.sys

0x044E0000 \SystemRoot\system32\DRIVERS\EIO64.sys

0x044E9000 \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys

0x0455F000 \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

0x04584000 \SystemRoot\System32\drivers\discache.sys

0x0569B000 \SystemRoot\system32\drivers\csc.sys

0x0571E000 \SystemRoot\System32\Drivers\dfsc.sys

0x0573C000 \SystemRoot\system32\DRIVERS\blbdrive.sys

0x05E2C000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20101001.001\BHDrvx64.sys

0x05F19000 \SystemRoot\SysWow64\drivers\AsUpIO.sys

0x05F1F000 \SystemRoot\SysWow64\drivers\AsIO.sys

0x05F25000 \SystemRoot\system32\DRIVERS\tunnel.sys

0x05F4B000 \SystemRoot\system32\DRIVERS\intelppm.sys

0x05F61000 \SystemRoot\system32\drivers\ATKDispLowFilter.sys

0x0601D000 \SystemRoot\System32\drivers\dxgkrnl.sys

0x06111000 \SystemRoot\System32\drivers\dxgmms1.sys

0x06157000 \SystemRoot\system32\DRIVERS\atikmpag.sys

0x0681C000 \SystemRoot\system32\DRIVERS\atipmdag.sys

0x06E82000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

0x06EA6000 \SystemRoot\system32\DRIVERS\usbehci.sys

0x06EB7000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0x06F0D000 \SystemRoot\system32\DRIVERS\nusb3xhc.sys

0x06F3C000 \SystemRoot\system32\DRIVERS\USBD.SYS

0x06F3E000 \SystemRoot\system32\DRIVERS\Rt64win7.sys

0x0623C000 \SystemRoot\system32\drivers\P17.sys

0x063C1000 \SystemRoot\system32\drivers\portcls.sys

0x06200000 \SystemRoot\system32\drivers\drmk.sys

0x06F94000 \SystemRoot\system32\drivers\ks.sys

0x06222000 \SystemRoot\system32\drivers\ksthunk.sys

0x0618B000 \SystemRoot\system32\DRIVERS\1394ohci.sys

0x06228000 \SystemRoot\system32\DRIVERS\ASACPI.sys

0x06230000 \SystemRoot\system32\DRIVERS\serenum.sys

0x06FD7000 \SystemRoot\system32\DRIVERS\intelsmb.sys

0x06FE7000 \SystemRoot\system32\DRIVERS\CompositeBus.sys

0x06FF7000 \SystemRoot\system32\drivers\asusgsb.sys

0x06800000 \SystemRoot\system32\DRIVERS\AgileVpn.sys

0x061C9000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0x061ED000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0x05F6B000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0x06000000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0x05F9A000 \SystemRoot\system32\DRIVERS\raspptp.sys

0x05FBB000 \SystemRoot\system32\DRIVERS\rassstp.sys

0x05FD5000 \SystemRoot\system32\DRIVERS\rdpbus.sys

0x05FE0000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0x05FEF000 \SystemRoot\system32\DRIVERS\mouclass.sys

0x063FE000 \SystemRoot\system32\DRIVERS\swenum.sys

0x05E00000 \SystemRoot\system32\DRIVERS\umbus.sys

0x0574D000 \SystemRoot\system32\DRIVERS\usbhub.sys

0x05E12000 \SystemRoot\system32\DRIVERS\nusb3hub.sys

0x057A7000 \SystemRoot\System32\Drivers\NDProxy.SYS

0x057BC000 \SystemRoot\system32\drivers\AtiHdmi.sys

0x05600000 \SystemRoot\system32\drivers\HdAudio.sys

0x0565C000 \SystemRoot\System32\Drivers\crashdmp.sys

0x05A68000 \SystemRoot\System32\Drivers\dump_iaStor.sys

0x0566A000 \SystemRoot\System32\Drivers\dump_dumpfve.sys

0x00060000 \SystemRoot\System32\win32k.sys

0x0567D000 \SystemRoot\System32\drivers\Dxapi.sys

0x05689000 \SystemRoot\system32\DRIVERS\monitor.sys

0x00530000 \SystemRoot\System32\TSDDD.dll

0x057DE000 \SystemRoot\system32\DRIVERS\usbccgp.sys

0x04593000 \SystemRoot\system32\DRIVERS\hidusb.sys

0x045A1000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

0x045BA000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

0x045C3000 \SystemRoot\system32\DRIVERS\kbdhid.sys

0x008B0000 \SystemRoot\System32\ATMFD.DLL

0x00630000 \SystemRoot\System32\cdd.dll

0x045D1000 \SystemRoot\system32\DRIVERS\usbscan.sys

0x045E2000 \SystemRoot\system32\DRIVERS\usbprint.sys

0x045EE000 \SystemRoot\system32\DRIVERS\dot4usb.sys

0x04400000 \SystemRoot\system32\drivers\luafv.sys

0x04423000 \SystemRoot\system32\DRIVERS\Dot4.sys

0x0444B000 \SystemRoot\system32\DRIVERS\Dot4Prt.sys

0x05C72000 \SystemRoot\system32\DRIVERS\tifsfilt.sys

0x05DBB000 \SystemRoot\system32\drivers\WudfPf.sys

0x04455000 \SystemRoot\system32\DRIVERS\mouhid.sys

0x05DDC000 \SystemRoot\system32\DRIVERS\point64.sys

0x01CB3000 \SystemRoot\system32\DRIVERS\lltdio.sys

0x01DE4000 \SystemRoot\system32\DRIVERS\rspndr.sys

0x04602000 \SystemRoot\system32\drivers\HTTP.sys

0x046CA000 \SystemRoot\system32\DRIVERS\bowser.sys

0x046E8000 \SystemRoot\System32\drivers\mpsdrv.sys

0x04700000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0x0472D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys

0x0477B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys

0x0479E000 \??\C:\ProgramData\Intel\Extreme Tuning Utility\IOCbios\64bit\IOCBIOS.SYS

0x0583F000 \SystemRoot\system32\drivers\peauth.sys

0x058E5000 \SystemRoot\System32\Drivers\secdrv.SYS

0x058F0000 \SystemRoot\System32\DRIVERS\srvnet.sys

0x0591D000 \SystemRoot\System32\drivers\tcpipreg.sys

0x0592F000 \SystemRoot\System32\DRIVERS\srv2.sys

0x09CB0000 \SystemRoot\System32\DRIVERS\srv.sys

0x09D46000 \SystemRoot\System32\Drivers\NAVx64\1201000.025\SRTSP64.SYS

0x0AA11000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20101018.054\EX64.SYS

0x0ABCF000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20101018.054\ENG64.SYS

0x09C00000 \SystemRoot\System32\drivers\rdpdr.sys

0x0ABEF000 \SystemRoot\system32\drivers\tdtcp.sys

0x0AA00000 \SystemRoot\System32\DRIVERS\tssecsrv.sys

0x09C2E000 \SystemRoot\System32\Drivers\RDPWD.SYS

0x0B096000 \SystemRoot\system32\DRIVERS\asyncmac.sys

0x77C70000 \Windows\System32\ntdll.dll

0x47E80000 \Windows\System32\smss.exe

0xFFF90000 \Windows\System32\apisetschema.dll

0xFFE00000 \Windows\System32\autochk.exe

0xFFEA0000 \Windows\System32\advapi32.dll

0xFFD90000 \Windows\System32\msctf.dll

0xFFD80000 \Windows\System32\lpk.dll

0xFFD00000 \Windows\System32\difxapi.dll

0xFFC60000 \Windows\System32\msvcrt.dll

0xFFBC0000 \Windows\System32\clbcatq.dll

0xFFBB0000 \Windows\System32\nsi.dll

0x77B70000 \Windows\System32\user32.dll

0xFF9A0000 \Windows\System32\ole32.dll

0xFF950000 \Windows\System32\Wldap32.dll

0x77A50000 \Windows\System32\kernel32.dll

0xFF900000 \Windows\System32\ws2_32.dll

0xFF860000 \Windows\System32\comdlg32.dll

0xFEAD0000 \Windows\System32\shell32.dll

0xFE8F0000 \Windows\System32\setupapi.dll

0xFE810000 \Windows\System32\oleaut32.dll

0xFE6E0000 \Windows\System32\rpcrt4.dll

0xFE670000 \Windows\System32\gdi32.dll

0xFE5F0000 \Windows\System32\shlwapi.dll

0xFE5D0000 \Windows\System32\imagehlp.dll

0xFE370000 \Windows\System32\iertutil.dll

0xFE240000 \Windows\System32\wininet.dll

0x77E40000 \Windows\System32\normaliz.dll

0xFE220000 \Windows\System32\sechost.dll

0xFE150000 \Windows\System32\usp10.dll

0xFDFD0000 \Windows\System32\urlmon.dll

0x77E30000 \Windows\System32\psapi.dll

0xFDFA0000 \Windows\System32\imm32.dll

0xFDF60000 \Windows\System32\wintrust.dll

0xFDDF0000 \Windows\System32\crypt32.dll

0xFDD80000 \Windows\System32\KernelBase.dll

0xFDCE0000 \Windows\System32\comctl32.dll

0xFDCA0000 \Windows\System32\cfgmgr32.dll

0xFDC80000 \Windows\System32\devobj.dll

0xFDC70000 \Windows\System32\msasn1.dll

Processes (total 62):

0 System Idle Process

4 System

376 C:\Windows\System32\smss.exe

480 csrss.exe

544 C:\Windows\System32\wininit.exe

564 csrss.exe

600 C:\Windows\System32\services.exe

616 C:\Windows\System32\lsass.exe

624 C:\Windows\System32\lsm.exe

740 C:\Windows\System32\svchost.exe

808 C:\Windows\System32\winlogon.exe

848 C:\Windows\System32\ATKFUSService.exe

884 C:\Windows\System32\svchost.exe

948 C:\Windows\System32\atiesrxx.exe

988 C:\Windows\System32\svchost.exe

152 C:\Windows\System32\svchost.exe

392 C:\Windows\System32\svchost.exe

1036 C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

1112 C:\Windows\System32\svchost.exe

1204 C:\Windows\System32\svchost.exe

1312 C:\Windows\System32\atieclxx.exe

1400 C:\Windows\System32\spoolsv.exe

1428 C:\Windows\System32\svchost.exe

1520 C:\Windows\SysWOW64\ASDR.exe

1552 C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe

1576 C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe

1612 C:\Windows\System32\svchost.exe

1648 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

1696 C:\Program Files (x86)\Common Files\Motive\McciCMService.exe

1740 C:\Program Files (x86)\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe

1788 C:\Windows\System32\svchost.exe

1812 C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.0.1.8\ccSvcHst.exe

1912 C:\Windows\System32\svchost.exe

1964 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

2024 C:\Windows\System32\taskhost.exe

2032 C:\Program Files\ASUS\GamerOSD\ATKFastUserSwitching.exe

1160 C:\Windows\System32\dwm.exe

2060 C:\Windows\explorer.exe

2188 C:\Windows\System32\svchost.exe

2224 C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe

2332 C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe

2340 C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe

2364 C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe

2384 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

2464 C:\Windows\SysWOW64\rundll32.exe

2496 C:\Windows\System32\taskeng.exe

2596 C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

2864 C:\Program Files (x86)\ASUS\TurboV EVO\TurboVHelp.exe

2272 C:\Program Files (x86)\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe

4148 C:\Windows\System32\SearchIndexer.exe

4724 C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

2744 C:\Program Files\Windows Media Player\wmpnetwk.exe

3292 C:\Program Files (x86)\Internet Explorer\iexplore.exe

5020 C:\Program Files (x86)\Internet Explorer\iexplore.exe

2136 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe

428 C:\mIRC\mirc.exe

3536 C:\Program Files (x86)Eudora\Eudora.exe

4764 C:\Program Files (x86)\Internet Explorer\iexplore.exe

2116 WmiPrvSE.exe

2416 C:\Windows\System32\audiodg.exe

4424 C:\Users\Em\Desktop\MBRCheck.exe

3320 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

\\.\D: --> \\.\PhysicalDrive2 at offset 0x00000000`00100000 (NTFS)

\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive0 Model Number: KINGSTONSNV425S264GB, Rev: C091126a

PhysicalDrive2 Model Number: HitachiHDS721010CLA332, Rev: JP4OA39C

PhysicalDrive1 Model Number: WDCWD10EARS-00Y5B1, Rev: 80.00A80

Size Device Name MBR Status

--------------------------------------------

59 GB \\.\PhysicalDrive0 Windows 7 MBR code detected

SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

931 GB \\.\PhysicalDrive2 Windows 7 MBR code detected

SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

931 GB \\.\PhysicalDrive1 Windows 7 MBR code detected

SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

Done!


OTL Extras logfile created on: 10/19/2010 12:26:42 PM - Run 4

OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\Em\Desktop

64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

16.00 Gb Total Physical Memory | 14.00 Gb Available Physical Memory | 87.00% Memory free

32.00 Gb Paging File | 30.00 Gb Available in Paging File | 92.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 59.62 Gb Total Space | 10.49 Gb Free Space | 17.60% Space Free | Partition Type: NTFS

Drive D: | 931.51 Gb Total Space | 510.52 Gb Free Space | 54.81% Space Free | Partition Type: NTFS

Drive E: | 931.51 Gb Total Space | 801.44 Gb Free Space | 86.04% Space Free | Partition Type: NTFS

Computer Name: EM-PC | User Name: Em | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{563F041C-DFDB-437B-A1E8-E141E0906076}" = Microsoft IntelliPoint 8.0

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{98C8DF59-BE5F-4EC2-9B12-FD2A54928EDB}" = Microsoft IntelliType Pro 8.0

"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"SMBus" = Intel® SMBus

"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack

"{07A8ED9E-B98E-437F-B750-241B412BE924}" = Garmin USB Drivers

"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1

"{15F4085A-BC98-4590-AFFD-03BBBE49524E}" = Garmin Communicator Plugin

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform

"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java 6 Update 18

"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime

"{29A47E79-7287-4C52-9667-B4CDEEE14B58}" = T.Probe

"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite

"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

"{491D92A9-69CA-4EB4-81D3-0106F9337957}" = TurboV EVO

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4F7177E9-2B54-48B4-AAFD-03FA1F87A542}" = Bing Bar Platform

"{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers

"{52A8B9C6-4F6E-41EF-BE78-0D4BC512BCA9}" = VP6 VFW Codec

"{56B83336-FBC1-4C46-8613-90A9E3B440D6}" = EPU-6 Engine

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{584109EB-4A5E-4467-B3C4-5C1000008300}" = Tinker

"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate

"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com

"{660787DD-68B3-4E67-9073-4A66DD7AD193}" = ASUS VGA Driver

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{72B59E5A-CF45-4528-8227-7EDF5EC772BE}" = Intel Extreme Tuning Utility

"{76A38425-741A-415C-96CF-AAD907FAB421}" = Vz In Home Agent

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable

"{991B1E79-12B6-40C3-A081-1FC47C6F2F37}" = Bulk Rename Utility 2, 6, 1, 0

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support

"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0

"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager

"{BE967F90-A197-4CF9-9F76-254EE1F0A44A}" = VP4 Video For Windows Codec

"{CF59708F-60F4-11D5-866A-00A0D2183227}" = On2 VP3 Video for Windows Codec

"{D793423B-FF18-4A54-B9C9-75B3396BAAC4}" = Browser Configuration Utility

"{D7AF16E7-5938-4369-BA54-B1ABD541BC32}" = Utility

"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver

"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater

"{EA2444BA-445D-4AB9-B164-77981FE21D75}" = Eudora

"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II

"{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel

"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center

"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE

"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner

"{FF0D5234-E7D8-41DA-9287-C89C3B045ADC}" = Vz In Home Agent

"3ivx D4 4.5.1" = 3ivx D4 4.5.1 (remove only)

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"ALchemy" = Creative ALchemy

"AngelPotion Video Codec V1" = AngelPotion Video Codec V1

"AudioCS" = Creative Audio Control Panel

"CodInstl" = Intel A/V Codecs V2.0

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"Creative Software AutoUpdate" = Creative Software AutoUpdate

"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition

"DivX Setup.divx.com" = DivX Setup

"Free Easy Burner_is1" = Free Easy Burner V 4.1

"GFWL_{584109EB-4A5E-4467-B3C4-5C1000008300}" = Tinker

"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager

"InstallShield_{72B59E5A-CF45-4528-8227-7EDF5EC772BE}" = Intel Extreme Tuning Utility

"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver

"MagniDriver" = marvell 91xx driver

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"mIRC" = mIRC

"NAV" = Norton AntiVirus

"NST" = Norton Safe Web Lite

"PlayFLV" = PlayFLV

"Search Toolbar" = Search Toolbar

"SystemRequirementsLab" = System Requirements Lab

"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner

"WinZip" = WinZip

"xvid" = XviD MPEG-4 Video Codec

"Xvid_is1" = Xvid 1.1.3 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows 7 Professional

Windows Information: (build 7600), 64-bit

Base Board Manufacturer: ASUSTeK Computer INC.

BIOS Manufacturer: American Megatrends Inc.

System Manufacturer: System manufacturer

System Product Name: System Product Name

Logical Drives Mask: 0x0000007c

Kernel Drivers (total 220):

0x02E59000 \SystemRoot\system32\ntoskrnl.exe

0x02E10000 \SystemRoot\system32\hal.dll

0x00BC4000 \SystemRoot\system32\kdcom.dll

0x00C86000 \SystemRoot\system32\mcupdate_GenuineIntel.dll

0x00CCA000 \SystemRoot\system32\PSHED.dll

0x00CDE000 \SystemRoot\system32\CLFS.SYS

0x00D3C000 \SystemRoot\system32\CI.dll

0x00E15000 \SystemRoot\system32\drivers\Wdf01000.sys

0x00EB9000 \SystemRoot\system32\drivers\WDFLDR.SYS

0x00EC8000 \SystemRoot\system32\DRIVERS\ACPI.sys

0x00F1F000 \SystemRoot\system32\DRIVERS\WMILIB.SYS

0x00F28000 \SystemRoot\system32\DRIVERS\msisadrv.sys

0x00F32000 \SystemRoot\system32\DRIVERS\pci.sys

0x00F65000 \SystemRoot\system32\DRIVERS\vdrvroot.sys

0x00F72000 \SystemRoot\System32\drivers\partmgr.sys

0x00F87000 \SystemRoot\system32\DRIVERS\volmgr.sys

0x00F9C000 \SystemRoot\System32\drivers\volmgrx.sys

0x00FF8000 \SystemRoot\system32\DRIVERS\pciide.sys

0x00E00000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS

0x00C00000 \SystemRoot\system32\DRIVERS\jraid.sys

0x00C21000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS

0x00C50000 \SystemRoot\System32\drivers\mountmgr.sys

0x010E5000 \SystemRoot\system32\DRIVERS\iaStor.sys

0x012EF000 \SystemRoot\system32\DRIVERS\atapi.sys

0x012F8000 \SystemRoot\system32\DRIVERS\ataport.SYS

0x01322000 \SystemRoot\system32\DRIVERS\msahci.sys

0x0132D000 \SystemRoot\system32\DRIVERS\mv91xx.sys

0x013B9000 \SystemRoot\system32\DRIVERS\mvxxmm.sys

0x013C1000 \SystemRoot\system32\DRIVERS\amdxata.sys

0x01000000 \SystemRoot\system32\drivers\fltmgr.sys

0x0104C000 \SystemRoot\system32\drivers\NAVx64\1201000.025\SYMDS64.SYS

0x010BD000 \SystemRoot\system32\drivers\fileinfo.sys

0x01453000 \SystemRoot\system32\drivers\NAVx64\1201000.025\SYMEFA64.SYS

0x0164C000 \SystemRoot\System32\Drivers\Ntfs.sys

0x01521000 \SystemRoot\System32\Drivers\msrpc.sys

0x01600000 \SystemRoot\System32\Drivers\ksecdd.sys

0x0157F000 \SystemRoot\System32\Drivers\cng.sys

0x0161A000 \SystemRoot\System32\drivers\pcw.sys

0x0162B000 \SystemRoot\System32\Drivers\Fs_Rec.sys

0x01815000 \SystemRoot\system32\drivers\ndis.sys

0x01907000 \SystemRoot\system32\drivers\NETIO.SYS

0x01967000 \SystemRoot\System32\Drivers\ksecpkg.sys

0x01A02000 \SystemRoot\System32\drivers\tcpip.sys

0x01992000 \SystemRoot\System32\drivers\fwpkclnt.sys

0x01CD0000 \SystemRoot\system32\DRIVERS\timntr.sys

0x01D80000 \SystemRoot\system32\DRIVERS\vmstorfl.sys

0x01D90000 \SystemRoot\system32\DRIVERS\volsnap.sys

0x01DDC000 \SystemRoot\System32\Drivers\spldr.sys

0x01C00000 \SystemRoot\System32\drivers\rdyboost.sys

0x01C3A000 \SystemRoot\System32\Drivers\mup.sys

0x01C4C000 \SystemRoot\System32\drivers\hwpolicy.sys

0x01C55000 \SystemRoot\System32\DRIVERS\fvevol.sys

0x01C8F000 \SystemRoot\system32\DRIVERS\disk.sys

0x01400000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS

0x05C9A000 \SystemRoot\system32\DRIVERS\cdrom.sys

0x05CC4000 \SystemRoot\System32\Drivers\Null.SYS

0x05CCD000 \SystemRoot\System32\Drivers\Beep.SYS

0x05CD4000 \SystemRoot\System32\drivers\vga.sys

0x05CE2000 \SystemRoot\System32\drivers\VIDEOPRT.SYS

0x05D07000 \SystemRoot\System32\drivers\watchdog.sys

0x05D17000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0x05D20000 \SystemRoot\system32\drivers\rdpencdd.sys

0x05D29000 \SystemRoot\system32\drivers\rdprefmp.sys

0x05D32000 \SystemRoot\System32\Drivers\Msfs.SYS

0x05D3D000 \SystemRoot\System32\Drivers\Npfs.SYS

0x05D4E000 \SystemRoot\system32\DRIVERS\tdx.sys

0x05D6C000 \SystemRoot\system32\DRIVERS\TDI.SYS

0x040A3000 \SystemRoot\system32\drivers\afd.sys

0x0412D000 \SystemRoot\System32\DRIVERS\netbt.sys

0x04172000 \SystemRoot\system32\DRIVERS\wfplwf.sys

0x0417B000 \SystemRoot\system32\DRIVERS\pacer.sys

0x041A1000 \SystemRoot\system32\DRIVERS\netbios.sys

0x041B0000 \SystemRoot\system32\DRIVERS\serial.sys

0x041CD000 \SystemRoot\system32\DRIVERS\wanarp.sys

0x041E8000 \SystemRoot\system32\DRIVERS\termdd.sys

0x04000000 \SystemRoot\system32\drivers\NAVx64\1201000.025\SYMNETS.SYS

0x04066000 \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS

0x05D79000 \SystemRoot\system32\drivers\NAVx64\1201000.025\Ironx64.SYS

0x05DA5000 \SystemRoot\system32\drivers\NAVx64\1201000.025\SRTSPX64.SYS

0x05A00000 \SystemRoot\system32\DRIVERS\rdbss.sys

0x05A51000 \SystemRoot\system32\drivers\nsiproxy.sys

0x05A5D000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0x04465000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20101015.005\IDSvia64.sys

0x044E0000 \SystemRoot\system32\DRIVERS\EIO64.sys

0x044E9000 \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys

0x0455F000 \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

0x04584000 \SystemRoot\System32\drivers\discache.sys

0x0569B000 \SystemRoot\system32\drivers\csc.sys

0x0571E000 \SystemRoot\System32\Drivers\dfsc.sys

0x0573C000 \SystemRoot\system32\DRIVERS\blbdrive.sys

0x05E2C000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20101001.001\BHDrvx64.sys

0x05F19000 \SystemRoot\SysWow64\drivers\AsUpIO.sys

0x05F1F000 \SystemRoot\SysWow64\drivers\AsIO.sys

0x05F25000 \SystemRoot\system32\DRIVERS\tunnel.sys

0x05F4B000 \SystemRoot\system32\DRIVERS\intelppm.sys

0x05F61000 \SystemRoot\system32\drivers\ATKDispLowFilter.sys

0x0601D000 \SystemRoot\System32\drivers\dxgkrnl.sys

0x06111000 \SystemRoot\System32\drivers\dxgmms1.sys

0x06157000 \SystemRoot\system32\DRIVERS\atikmpag.sys

0x0681C000 \SystemRoot\system32\DRIVERS\atipmdag.sys

0x06E82000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

0x06EA6000 \SystemRoot\system32\DRIVERS\usbehci.sys

0x06EB7000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0x06F0D000 \SystemRoot\system32\DRIVERS\nusb3xhc.sys

0x06F3C000 \SystemRoot\system32\DRIVERS\USBD.SYS

0x06F3E000 \SystemRoot\system32\DRIVERS\Rt64win7.sys

0x0623C000 \SystemRoot\system32\drivers\P17.sys

0x063C1000 \SystemRoot\system32\drivers\portcls.sys

0x06200000 \SystemRoot\system32\drivers\drmk.sys

0x06F94000 \SystemRoot\system32\drivers\ks.sys

0x06222000 \SystemRoot\system32\drivers\ksthunk.sys

0x0618B000 \SystemRoot\system32\DRIVERS\1394ohci.sys

0x06228000 \SystemRoot\system32\DRIVERS\ASACPI.sys

0x06230000 \SystemRoot\system32\DRIVERS\serenum.sys

0x06FD7000 \SystemRoot\system32\DRIVERS\intelsmb.sys

0x06FE7000 \SystemRoot\system32\DRIVERS\CompositeBus.sys

0x06FF7000 \SystemRoot\system32\drivers\asusgsb.sys

0x06800000 \SystemRoot\system32\DRIVERS\AgileVpn.sys

0x061C9000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0x061ED000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0x05F6B000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0x06000000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0x05F9A000 \SystemRoot\system32\DRIVERS\raspptp.sys

0x05FBB000 \SystemRoot\system32\DRIVERS\rassstp.sys

0x05FD5000 \SystemRoot\system32\DRIVERS\rdpbus.sys

0x05FE0000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0x05FEF000 \SystemRoot\system32\DRIVERS\mouclass.sys

0x063FE000 \SystemRoot\system32\DRIVERS\swenum.sys

0x05E00000 \SystemRoot\system32\DRIVERS\umbus.sys

0x0574D000 \SystemRoot\system32\DRIVERS\usbhub.sys

0x05E12000 \SystemRoot\system32\DRIVERS\nusb3hub.sys

0x057A7000 \SystemRoot\System32\Drivers\NDProxy.SYS

0x057BC000 \SystemRoot\system32\drivers\AtiHdmi.sys

0x05600000 \SystemRoot\system32\drivers\HdAudio.sys

0x0565C000 \SystemRoot\System32\Drivers\crashdmp.sys

0x05A68000 \SystemRoot\System32\Drivers\dump_iaStor.sys

0x0566A000 \SystemRoot\System32\Drivers\dump_dumpfve.sys

0x00060000 \SystemRoot\System32\win32k.sys

0x0567D000 \SystemRoot\System32\drivers\Dxapi.sys

0x05689000 \SystemRoot\system32\DRIVERS\monitor.sys

0x00530000 \SystemRoot\System32\TSDDD.dll

0x057DE000 \SystemRoot\system32\DRIVERS\usbccgp.sys

0x04593000 \SystemRoot\system32\DRIVERS\hidusb.sys

0x045A1000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

0x045BA000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

0x045C3000 \SystemRoot\system32\DRIVERS\kbdhid.sys

0x008B0000 \SystemRoot\System32\ATMFD.DLL

0x00630000 \SystemRoot\System32\cdd.dll

0x045D1000 \SystemRoot\system32\DRIVERS\usbscan.sys

0x045E2000 \SystemRoot\system32\DRIVERS\usbprint.sys

0x045EE000 \SystemRoot\system32\DRIVERS\dot4usb.sys

0x04400000 \SystemRoot\system32\drivers\luafv.sys

0x04423000 \SystemRoot\system32\DRIVERS\Dot4.sys

0x0444B000 \SystemRoot\system32\DRIVERS\Dot4Prt.sys

0x05C72000 \SystemRoot\system32\DRIVERS\tifsfilt.sys

0x05DBB000 \SystemRoot\system32\drivers\WudfPf.sys

0x04455000 \SystemRoot\system32\DRIVERS\mouhid.sys

0x05DDC000 \SystemRoot\system32\DRIVERS\point64.sys

0x01CB3000 \SystemRoot\system32\DRIVERS\lltdio.sys

0x01DE4000 \SystemRoot\system32\DRIVERS\rspndr.sys

0x04602000 \SystemRoot\system32\drivers\HTTP.sys

0x046CA000 \SystemRoot\system32\DRIVERS\bowser.sys

0x046E8000 \SystemRoot\System32\drivers\mpsdrv.sys

0x04700000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0x0472D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys

0x0477B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys

0x0479E000 \??\C:\ProgramData\Intel\Extreme Tuning Utility\IOCbios\64bit\IOCBIOS.SYS

0x0583F000 \SystemRoot\system32\drivers\peauth.sys

0x058E5000 \SystemRoot\System32\Drivers\secdrv.SYS

0x058F0000 \SystemRoot\System32\DRIVERS\srvnet.sys

0x0591D000 \SystemRoot\System32\drivers\tcpipreg.sys

0x0592F000 \SystemRoot\System32\DRIVERS\srv2.sys

0x09CB0000 \SystemRoot\System32\DRIVERS\srv.sys

0x09D46000 \SystemRoot\System32\Drivers\NAVx64\1201000.025\SRTSP64.SYS

0x09C00000 \SystemRoot\System32\drivers\rdpdr.sys

0x0ABEF000 \SystemRoot\system32\drivers\tdtcp.sys

0x0AA00000 \SystemRoot\System32\DRIVERS\tssecsrv.sys

0x09C2E000 \SystemRoot\System32\Drivers\RDPWD.SYS

0x0B096000 \SystemRoot\system32\DRIVERS\asyncmac.sys

0x0AA0F000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20101019.004\EX64.SYS

0x0B0BC000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20101019.004\ENG64.SYS

0x77C70000 \Windows\System32\ntdll.dll

0x47E80000 \Windows\System32\smss.exe

0xFFF90000 \Windows\System32\apisetschema.dll

0xFFE00000 \Windows\System32\autochk.exe

0xFFEA0000 \Windows\System32\advapi32.dll

0xFFD90000 \Windows\System32\msctf.dll

0xFFD80000 \Windows\System32\lpk.dll

0xFFD00000 \Windows\System32\difxapi.dll

0xFFC60000 \Windows\System32\msvcrt.dll

0xFFBC0000 \Windows\System32\clbcatq.dll

0xFFBB0000 \Windows\System32\nsi.dll

0x77B70000 \Windows\System32\user32.dll

0xFF9A0000 \Windows\System32\ole32.dll

0xFF950000 \Windows\System32\Wldap32.dll

0x77A50000 \Windows\System32\kernel32.dll

0xFF900000 \Windows\System32\ws2_32.dll

0xFF860000 \Windows\System32\comdlg32.dll

0xFEAD0000 \Windows\System32\shell32.dll

0xFE8F0000 \Windows\System32\setupapi.dll

0xFE810000 \Windows\System32\oleaut32.dll

0xFE6E0000 \Windows\System32\rpcrt4.dll

0xFE670000 \Windows\System32\gdi32.dll

0xFE5F0000 \Windows\System32\shlwapi.dll

0xFE5D0000 \Windows\System32\imagehlp.dll

0xFE370000 \Windows\System32\iertutil.dll

0xFE240000 \Windows\System32\wininet.dll

0x77E40000 \Windows\System32\normaliz.dll

0xFE220000 \Windows\System32\sechost.dll

0xFE150000 \Windows\System32\usp10.dll

0xFDFD0000 \Windows\System32\urlmon.dll

0x77E30000 \Windows\System32\psapi.dll

0xFDFA0000 \Windows\System32\imm32.dll

0xFDF60000 \Windows\System32\wintrust.dll

0xFDDF0000 \Windows\System32\crypt32.dll

0xFDD80000 \Windows\System32\KernelBase.dll

0xFDCE0000 \Windows\System32\comctl32.dll

0xFDCA0000 \Windows\System32\cfgmgr32.dll

0xFDC80000 \Windows\System32\devobj.dll

0xFDC70000 \Windows\System32\msasn1.dll

Processes (total 62):

0 System Idle Process

4 System

376 C:\Windows\System32\smss.exe

480 csrss.exe

544 C:\Windows\System32\wininit.exe

564 csrss.exe

600 C:\Windows\System32\services.exe

616 C:\Windows\System32\lsass.exe

624 C:\Windows\System32\lsm.exe

740 C:\Windows\System32\svchost.exe

808 C:\Windows\System32\winlogon.exe

848 C:\Windows\System32\ATKFUSService.exe

884 C:\Windows\System32\svchost.exe

948 C:\Windows\System32\atiesrxx.exe

988 C:\Windows\System32\svchost.exe

152 C:\Windows\System32\svchost.exe

392 C:\Windows\System32\svchost.exe

1036 C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

1112 C:\Windows\System32\svchost.exe

1204 C:\Windows\System32\svchost.exe

1312 C:\Windows\System32\atieclxx.exe

1400 C:\Windows\System32\spoolsv.exe

1428 C:\Windows\System32\svchost.exe

1520 C:\Windows\SysWOW64\ASDR.exe

1552 C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe

1576 C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe

1612 C:\Windows\System32\svchost.exe

1648 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

1696 C:\Program Files (x86)\Common Files\Motive\McciCMService.exe

1740 C:\Program Files (x86)\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe

1788 C:\Windows\System32\svchost.exe

1812 C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.0.1.8\ccSvcHst.exe

1912 C:\Windows\System32\svchost.exe

1964 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

2024 C:\Windows\System32\taskhost.exe

2032 C:\Program Files\ASUS\GamerOSD\ATKFastUserSwitching.exe

1160 C:\Windows\System32\dwm.exe

2060 C:\Windows\explorer.exe

2188 C:\Windows\System32\svchost.exe

2224 C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe

2332 C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe

2340 C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe

2364 C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe

2384 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

2464 C:\Windows\SysWOW64\rundll32.exe

2496 C:\Windows\System32\taskeng.exe

2596 C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

2864 C:\Program Files (x86)\ASUS\TurboV EVO\TurboVHelp.exe

2272 C:\Program Files (x86)\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe

4148 C:\Windows\System32\SearchIndexer.exe

4724 C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

2744 C:\Program Files\Windows Media Player\wmpnetwk.exe

3292 C:\Program Files (x86)\Internet Explorer\iexplore.exe

5020 C:\Program Files (x86)\Internet Explorer\iexplore.exe

2136 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe

428 C:\mIRC\mirc.exe

3536 C:\Program Files (x86)Eudora\Eudora.exe

4764 C:\Program Files (x86)\Internet Explorer\iexplore.exe

4584 C:\Windows\System32\notepad.exe

2120 C:\Windows\System32\audiodg.exe

2968 C:\Users\Em\Desktop\MBRCheck.exe

4472 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

\\.\D: --> \\.\PhysicalDrive2 at offset 0x00000000`00100000 (NTFS)

\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive0 Model Number: KINGSTONSNV425S264GB, Rev: C091126a

PhysicalDrive2 Model Number: HitachiHDS721010CLA332, Rev: JP4OA39C

PhysicalDrive1 Model Number: WDCWD10EARS-00Y5B1, Rev: 80.00A80

Size Device Name MBR Status

--------------------------------------------

59 GB \\.\PhysicalDrive0 Windows 7 MBR code detected

SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

931 GB \\.\PhysicalDrive2 Windows 7 MBR code detected

SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

931 GB \\.\PhysicalDrive1 Windows 7 MBR code detected

SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

Done!


OTL Extras logfile created on: 10/19/2010 1:46:55 PM - Run 5

OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\Em\Desktop

64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

16.00 Gb Total Physical Memory | 14.00 Gb Available Physical Memory | 86.00% Memory free

32.00 Gb Paging File | 29.00 Gb Available in Paging File | 92.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 59.62 Gb Total Space | 10.48 Gb Free Space | 17.58% Space Free | Partition Type: NTFS

Drive D: | 931.51 Gb Total Space | 510.52 Gb Free Space | 54.81% Space Free | Partition Type: NTFS

Drive E: | 931.51 Gb Total Space | 801.41 Gb Free Space | 86.03% Space Free | Partition Type: NTFS

Computer Name: EM-PC | User Name: Em | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{563F041C-DFDB-437B-A1E8-E141E0906076}" = Microsoft IntelliPoint 8.0

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{98C8DF59-BE5F-4EC2-9B12-FD2A54928EDB}" = Microsoft IntelliType Pro 8.0

"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"SMBus" = Intel® SMBus

"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack

"{07A8ED9E-B98E-437F-B750-241B412BE924}" = Garmin USB Drivers

"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1

"{15F4085A-BC98-4590-AFFD-03BBBE49524E}" = Garmin Communicator Plugin

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform

"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java 6 Update 18

"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime

"{29A47E79-7287-4C52-9667-B4CDEEE14B58}" = T.Probe

"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite

"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

"{491D92A9-69CA-4EB4-81D3-0106F9337957}" = TurboV EVO

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4F7177E9-2B54-48B4-AAFD-03FA1F87A542}" = Bing Bar Platform

"{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers

"{52A8B9C6-4F6E-41EF-BE78-0D4BC512BCA9}" = VP6 VFW Codec

"{56B83336-FBC1-4C46-8613-90A9E3B440D6}" = EPU-6 Engine

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{584109EB-4A5E-4467-B3C4-5C1000008300}" = Tinker

"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate

"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com

"{660787DD-68B3-4E67-9073-4A66DD7AD193}" = ASUS VGA Driver

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{72B59E5A-CF45-4528-8227-7EDF5EC772BE}" = Intel Extreme Tuning Utility

"{76A38425-741A-415C-96CF-AAD907FAB421}" = Vz In Home Agent

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable

"{991B1E79-12B6-40C3-A081-1FC47C6F2F37}" = Bulk Rename Utility 2, 6, 1, 0

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support

"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0

"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager

"{BE967F90-A197-4CF9-9F76-254EE1F0A44A}" = VP4 Video For Windows Codec

"{CF59708F-60F4-11D5-866A-00A0D2183227}" = On2 VP3 Video for Windows Codec

"{D793423B-FF18-4A54-B9C9-75B3396BAAC4}" = Browser Configuration Utility

"{D7AF16E7-5938-4369-BA54-B1ABD541BC32}" = Utility

"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver

"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater

"{EA2444BA-445D-4AB9-B164-77981FE21D75}" = Eudora

"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II

"{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel

"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center

"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE

"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner

"{FF0D5234-E7D8-41DA-9287-C89C3B045ADC}" = Vz In Home Agent

"3ivx D4 4.5.1" = 3ivx D4 4.5.1 (remove only)

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"ALchemy" = Creative ALchemy

"AngelPotion Video Codec V1" = AngelPotion Video Codec V1

"AudioCS" = Creative Audio Control Panel

"CodInstl" = Intel A/V Codecs V2.0

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"Creative Software AutoUpdate" = Creative Software AutoUpdate

"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition

"DivX Setup.divx.com" = DivX Setup

"Free Easy Burner_is1" = Free Easy Burner V 4.1

"GFWL_{584109EB-4A5E-4467-B3C4-5C1000008300}" = Tinker

"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager

"InstallShield_{72B59E5A-CF45-4528-8227-7EDF5EC772BE}" = Intel Extreme Tuning Utility

"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver

"MagniDriver" = marvell 91xx driver

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"mIRC" = mIRC

"NAV" = Norton AntiVirus

"NST" = Norton Safe Web Lite

"PlayFLV" = PlayFLV

"Search Toolbar" = Search Toolbar

"SystemRequirementsLab" = System Requirements Lab

"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner

"WinZip" = WinZip

"xvid" = XviD MPEG-4 Video Codec

"Xvid_is1" = Xvid 1.1.3 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


Ouch, must have had a blank of some sort, only now saw you had included that also earlier, my apologies. :)

How are things running now?

UPDATE JAVA

------------------

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:

  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 22 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.

Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.

  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u21-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.

-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.

-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.

Please launch MBAM, update it and run a full scan. Post me the log please.


MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows 7 Professional

Windows Information: (build 7600), 64-bit

Base Board Manufacturer: ASUSTeK Computer INC.

BIOS Manufacturer: American Megatrends Inc.

System Manufacturer: System manufacturer

System Product Name: System Product Name

Logical Drives Mask: 0x0000007c

Kernel Drivers (total 219):

Processes (total 61):

0 System Idle Process

4 System

376 C:\Windows\System32\smss.exe

480 csrss.exe

544 C:\Windows\System32\wininit.exe

568 csrss.exe

600 C:\Windows\System32\services.exe

620 C:\Windows\System32\lsass.exe

628 C:\Windows\System32\lsm.exe

728 C:\Windows\System32\winlogon.exe

792 C:\Windows\System32\svchost.exe

852 C:\Windows\System32\ATKFUSService.exe

892 C:\Windows\System32\svchost.exe

952 C:\Windows\System32\atiesrxx.exe

996 C:\Windows\System32\svchost.exe

136 C:\Windows\System32\svchost.exe

424 C:\Windows\System32\svchost.exe

688 C:\Windows\System32\audiodg.exe

908 C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

1072 C:\Windows\System32\svchost.exe

1200 C:\Windows\System32\svchost.exe

1324 C:\Windows\System32\atieclxx.exe

1348 C:\Windows\System32\spoolsv.exe

1384 C:\Windows\System32\svchost.exe

1496 C:\Windows\SysWOW64\ASDR.exe

1532 C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe

1560 C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe

1604 C:\Windows\System32\svchost.exe

1640 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

1684 C:\Program Files (x86)\Common Files\Motive\McciCMService.exe

1728 C:\Program Files (x86)\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe

1764 C:\Windows\System32\svchost.exe

1788 C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.0.1.8\ccSvcHst.exe

1876 C:\Windows\System32\svchost.exe

1904 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

1968 C:\Windows\System32\svchost.exe

2028 C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe

2096 C:\Windows\System32\taskhost.exe

2104 C:\Program Files\ASUS\GamerOSD\ATKFastUserSwitching.exe

2244 C:\Windows\System32\dwm.exe

2268 C:\Windows\explorer.exe

2420 C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe

2428 C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe

2452 C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe

2552 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

2576 C:\Windows\System32\taskeng.exe

2656 C:\Windows\SysWOW64\rundll32.exe

2704 C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe

2752 C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

2792 C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe

2948 PrintIsolationHost.exe

3024 C:\Program Files (x86)\ASUS\TurboV EVO\TurboVHelp.exe

2824 WmiPrvSE.exe

808 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

3188 C:\Program Files (x86)\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe

3576 WmiPrvSE.exe

3636 C:\Windows\System32\SearchIndexer.exe

3824 C:\Windows\System32\SearchProtocolHost.exe

3868 C:\Windows\System32\SearchFilterHost.exe

4484 C:\Users\Em\Desktop\MBRCheck.exe

4516 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

\\.\D: --> \\.\PhysicalDrive2 at offset 0x00000000`00100000 (NTFS)

\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive0 Model Number: KINGSTONSNV425S264GB, Rev: C091126a

PhysicalDrive2 Model Number: HitachiHDS721010CLA332, Rev: JP4OA39C

PhysicalDrive1 Model Number: WDCWD10EARS-00Y5B1, Rev: 80.00A80

Size Device Name MBR Status

--------------------------------------------

59 GB \\.\PhysicalDrive0 Windows 7 MBR code detected

SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

931 GB \\.\PhysicalDrive2 Windows 7 MBR code detected

SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

931 GB \\.\PhysicalDrive1 Windows 7 MBR code detected

SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

Done!


Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4867

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

10/19/2010 5:15:38 PM

mbam-log-2010-10-19 (17-15-38).txt

Scan type: Full scan (C:\|D:\|E:\|)

Objects scanned: 433255

Time elapsed: 34 minute(s), 36 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Looks good! Do you have any problems left?

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the esetOnline.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.

    3. Check esetAcceptTerms.png
    4. Click the esetStart.png button.
    5. Accept any security warnings from your browser.
    6. Check esetScanArchives.png
    7. Push the Start button.
    8. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    9. When the scan completes, push esetListThreats.png
    10. Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
      Note - when ESET doesn't find any threats, no report will be created.
    11. Push the esetBack.png button.
    12. Push esetFinish.png


C:\Program Files\WinRAR\Keygen.exe a variant of Win32/Keygen.AI application cleaned by deleting - quarantined

C:\Users\Em\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\42443d56-58683c5d multiple threats deleted - quarantined

C:\Users\Em\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\68a9cc5c-3864331c probably a variant of Win32/Agent.EYYIRRW trojan deleted - quarantined

C:\Users\Em\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\386e6064-3212c90a a variant of Java/Rowindal.A trojan deleted - quarantined

C:\Users\Em\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\a0dd2be-1b7e31cc a variant of Java/Exploit.Agent.NAC trojan deleted - quarantined


Hi, those were just some leftovers. If you have no problems left, you are good to go. :)

ALL CLEAN

--------------

Your machine appears to be clean. Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :)

Please do the following to remove the remaining programs from your PC:

  • Delete the tools used during the disinfection:
    • Rerun OTL and click the Cleanup button. Allow a reboot. This will remove all logs and tools.

Please read this advice in order to prevent reinfecting your PC:

  1. Install and update the following programs regularly:
    • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on the hosts file, and what it can do for you, please consult the Tutorial on the Hosts file.

  2. Keep Windows (and your other Microsoft software) up to date!

     I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

     Therefore, please visit the Microsoft Update Website and follow the on-screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

  3. Keep your other software up to date as well

     Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out-of-date software on your machine.

  4. Stay up to date!

     The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.
