Solved Svchost.exe (trojan(something)) returns after reboot

[m0nk3n]

Hi, I'm new here and it was either this or microsoft support but I read some other topics about malwarebytes finding and stopping svchost.exe trojan but it return everytime I reboot my computer.
malwarebytes wants to contain it then I does that sometimes it freezes the computer and other times not. I had thinking about wrecking the hdd since I downloaded gomplayer once and I double clicked the file to install it but it dissapeared so I downloaded it again and double clicked it and it dissapeared and the wallpaper was all 1's and 0's. idk why I got that from a video player software.

anyway. malwarebytes arent able to remove the trojan wich I found out it's located in the c:users\myusername\appdata\local\temp. I ran mrt and it found 3 files but couldnt delete them for some reason.

 

[Jay Pfoutz]

Hello, and welcome to TechSpot.

Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information

• From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
• Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
• If you have already asked for help somewhere, please post the link to the topic you were helped.
• We try our best to reply quickly, but for any reason we do not reply in two days, please reply to this topic with the word BUMP!
• Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

TDSSKiller Scan

Please download and run TDSSKiller to your desktop as outlined below:

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

------------------------

Click the Start Scan button.

-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Sometimes these logs can be very large, in that case please attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


RogueKiller Scan

• Download RogueKiller from the following link and save it on your desktop:
  TechSpot
  Official Site (alternative
• Quit all programs
• Start RogueKiller.exe.
• Wait until Prescan has finished ...
• Click on Scan

• Wait for the end of the scan.
• The report has been created on the desktop.
• Click on the Delete button.

• The report has been created on the desktop.

• Next click on the ShortcutsFix
  
  
  
• The report has been created on the desktop.

Please post:

All RKreport.txt text files located on your desktop.

 

[m0nk3n]

RogueKiller V8.5.1 [Feb 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Jon [Admin rights]
Mode : Shortcuts HJfix -- Date : 02/18/2013 20:15:34
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 2 / Fail 0
Quick launch: Success 1 / Fail 0
Programs: Success 5 / Fail 0
Start menu: Success 1 / Fail 0
User folder: Success 72 / Fail 0
My documents: Success 1 / Fail 1
My favorites: Success 0 / Fail 0
My pictures: Success 8 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 664 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume4 -- 0x3 --> Restored
[E:] \Device\HarddiskVolume5 -- 0x3 --> Restored
[F:] \Device\HarddiskVolume6 -- 0x3 --> Restored
[G:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[H:] \Device\CdRom0 -- 0x5 --> Skipped
[I:] \Device\CdRom1 -- 0x5 --> Skipped

¤¤¤ Infection : ZeroAccess ¤¤¤

Finished : << RKreport[5]_SC_02182013_02d2015.txt >>
RKreport[1]_S_02182013_02d1115.txt ; RKreport[2]_D_02182013_02d1118.txt ; RKreport[3]_S_02182013_02d2010.txt ; RKreport[4]_D_02182013_02d2013.txt ; RKreport[5]_SC_02182013_02d2015.txt

 

[m0nk3n]

RogueKiller V8.5.1 [Feb 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Jon [Admin rights]
Mode : Remove -- Date : 02/18/2013 20:13:08
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\Desktop.ini [-] --> REMOVED

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD10EADS-00L5B1 ATA Device +++++
--- User ---
[MBR] bfee1e1353248b1ab404402a3cc5604b
[BSP] 9488371b38d42e5eb745c9ba0fa07e4b : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST31000528AS ATA Device +++++
--- User ---
[MBR] 5584b46757e24d3c2daf5e602affe2d9
[BSP] 18c9ebb4d18767eb89342d92b4dfff13 : Linux MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953874 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: WDC WD20EARX-00PASB0 ATA Device +++++
--- User ---
[MBR] 5806e0ad5c9b41cb0fd6e945525dd174
[BSP] f97b955cfdc8647899c9bce60a504418 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive3: WDC WD15EARX-00PASB0 ATA Device +++++
--- User ---
[MBR] fe0461a4e18847bfba82bdcb84116d26
[BSP] 89844a27d1e3e1cf6be3ee3cc0a205d0 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1430803 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive4: WDC WD20EARX-00PASB0 ATA Device +++++
--- User ---
[MBR] 52bc9653096a172d7940d2aee92699ac
[BSP] 9f581c53665f591506c8c9c896051c9e : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[4]_D_02182013_02d2013.txt >>
RKreport[1]_S_02182013_02d1115.txt ; RKreport[2]_D_02182013_02d1118.txt ; RKreport[3]_S_02182013_02d2010.txt ; RKreport[4]_D_02182013_02d2013.txt

 

[m0nk3n]

RogueKiller V8.5.1 [Feb 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Jon [Admin rights]
Mode : Scan -- Date : 02/18/2013 20:10:17
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\Desktop.ini [-] --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD10EADS-00L5B1 ATA Device +++++
--- User ---
[MBR] bfee1e1353248b1ab404402a3cc5604b
[BSP] 9488371b38d42e5eb745c9ba0fa07e4b : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST31000528AS ATA Device +++++
--- User ---
[MBR] 5584b46757e24d3c2daf5e602affe2d9
[BSP] 18c9ebb4d18767eb89342d92b4dfff13 : Linux MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953874 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: WDC WD20EARX-00PASB0 ATA Device +++++
--- User ---
[MBR] 5806e0ad5c9b41cb0fd6e945525dd174
[BSP] f97b955cfdc8647899c9bce60a504418 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive3: WDC WD15EARX-00PASB0 ATA Device +++++
--- User ---
[MBR] fe0461a4e18847bfba82bdcb84116d26
[BSP] 89844a27d1e3e1cf6be3ee3cc0a205d0 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1430803 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive4: WDC WD20EARX-00PASB0 ATA Device +++++
--- User ---
[MBR] 52bc9653096a172d7940d2aee92699ac
[BSP] 9f581c53665f591506c8c9c896051c9e : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3]_S_02182013_02d2010.txt >>
RKreport[1]_S_02182013_02d1115.txt ; RKreport[2]_D_02182013_02d1118.txt ; RKreport[3]_S_02182013_02d2010.txt

 

[m0nk3n]

RogueKiller V8.5.1 [Feb 12 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Jon [Admin rights]
Mode : Remove -- Date : 02/18/2013 11:18:58
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : Adobe (C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Recent.vbe) [-] -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD10EADS-00L5B1 ATA Device +++++
--- User ---
[MBR] bfee1e1353248b1ab404402a3cc5604b
[BSP] 9488371b38d42e5eb745c9ba0fa07e4b : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST31000528AS ATA Device +++++
--- User ---
[MBR] 5584b46757e24d3c2daf5e602affe2d9
[BSP] 18c9ebb4d18767eb89342d92b4dfff13 : Linux MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953874 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: WDC WD20EARX-00PASB0 ATA Device +++++
--- User ---
[MBR] 5806e0ad5c9b41cb0fd6e945525dd174
[BSP] f97b955cfdc8647899c9bce60a504418 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive3: WDC WD15EARX-00PASB0 ATA Device +++++
--- User ---
[MBR] fe0461a4e18847bfba82bdcb84116d26
[BSP] 89844a27d1e3e1cf6be3ee3cc0a205d0 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1430803 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive4: WDC WD20EARX-00PASB0 ATA Device +++++
--- User ---
[MBR] 52bc9653096a172d7940d2aee92699ac
[BSP] 9f581c53665f591506c8c9c896051c9e : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_02182013_02d1118.txt >>
RKreport[1]_S_02182013_02d1115.txt ; RKreport[2]_D_02182013_02d1118.txt

 

[m0nk3n]

RogueKiller V8.5.1 [Feb 12 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Jon [Admin rights]
Mode : Scan -- Date : 02/18/2013 11:15:14
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : Adobe (C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Recent.vbe) [-] -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD10EADS-00L5B1 ATA Device +++++
--- User ---
[MBR] bfee1e1353248b1ab404402a3cc5604b
[BSP] 9488371b38d42e5eb745c9ba0fa07e4b : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST31000528AS ATA Device +++++
--- User ---
[MBR] 5584b46757e24d3c2daf5e602affe2d9
[BSP] 18c9ebb4d18767eb89342d92b4dfff13 : Linux MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953874 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: WDC WD20EARX-00PASB0 ATA Device +++++
--- User ---
[MBR] 5806e0ad5c9b41cb0fd6e945525dd174
[BSP] f97b955cfdc8647899c9bce60a504418 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive3: WDC WD15EARX-00PASB0 ATA Device +++++
--- User ---
[MBR] fe0461a4e18847bfba82bdcb84116d26
[BSP] 89844a27d1e3e1cf6be3ee3cc0a205d0 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1430803 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive4: WDC WD20EARX-00PASB0 ATA Device +++++
--- User ---
[MBR] 52bc9653096a172d7940d2aee92699ac
[BSP] 9f581c53665f591506c8c9c896051c9e : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_02182013_02d1115.txt >>
RKreport[1]_S_02182013_02d1115.txt

 

[Jay Pfoutz]

Farbar Recovery Scan Tool x64

Download Farbar Recovery Scan Tool and save it to a flash drive.


Please make sure to get the 64-bit version

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

• Restart the computer.
• As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
• Use the arrow keys to select the Repair your computer menu item.
• Choose your language settings, and then click Next.
• Select the operating system you want to repair, and then click Next.
• Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

• Insert the installation disc.
• Restart your computer.
• If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
• Click Repair your computer.
• Choose your language settings, and then click Next.
• Select the operating system you want to repair, and then click Next.
• Select your user account an click Next.

On the System Recovery Options menu you will get the following options:

• • Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
• Select Command Prompt
• In the command window type in notepad and press Enter.
• The notepad opens. Under File menu select Open.
• Select "Computer" and find your flash drive letter and close the notepad.
• In the command window type e:\frst64.exe and press Enter
  Note: Replace letter e with the drive letter of your flash drive.
• The tool will start to run.
• When the tool opens click Yes to the disclaimer.
• Place a check next to List Drivers MD5 as well as the default check marks that are already there
• Press Scan button. It will do its scan and save a log on your flash drive.
• Close out of the message after that, then type in the text services.exe in to the "Search:" text box. Then, press the Search file(s) button, just as below:
  
  
  
  When done searching, FRST makes a log, Search.txt, on the C:\ drive or on your flash drive.
• Type exit in the Command Prompt window and reboot the computer normally
• FRST will make a log (FRST.txt) on the flash drive and also the search.txt logfile, please copy and paste the logs in your reply.

 

[m0nk3n]

Do I have to download it on the other computer on the flash drive?

 

[Jay Pfoutz]

However it works out. Any way you can get it on the flash drive, go for it.

 

[m0nk3n]

I dont have mouse and keyboard when im supposed to choose language.

 

[m0nk3n]

I dont have mouse and keyboard in either when I press f8 or using the windows installation cd

 

[m0nk3n]

Fixed it. usb 3.0 vs usb 2.0 scenario

 

[m0nk3n]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-02-2013 01
Ran by SYSTEM at 18-02-2013 21:41:15
Running from J:\
Windows 7 Ultimate (X64) OS Language: Norwegian Bokmal
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6827664 2012-12-23] (Realtek Semiconductor)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [IntelliType Pro] "C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe" [1464944 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] "C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2076272 2012-11-02] (Microsoft Corporation)
HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [550272 2012-08-20] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUS ShellProcess Execute] C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe [252544 2010-11-25] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-01-30] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1263512 2012-11-30] ()
HKLM-x32\...\Run: [Nero MediaHome 4] "C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN [5178664 2012-02-28] (Nero AG)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [3825176 2012-11-13] (Safer-Networking Ltd.)
HKU\Jon\...\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe" [495616 2007-09-02] ()
HKU\Jon\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3673728 2012-11-06] (DT Soft Ltd)
HKU\Jon\...\Run: [SteelSeries Engine] C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe [237056 2012-11-28] (SteelSeries ApS)
HKU\Jon\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18708224 2013-01-08] (Skype Technologies S.A.)
HKU\Jon\...\Run: [Spotify] "C:\Users\Jon\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart [5926808 2013-02-16] (Spotify Ltd)
HKU\Jon\...\Run: [Spotify Web Helper] "C:\Users\Jon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1199000 2013-02-16] (Spotify Ltd)
HKU\Jon\...\Run: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean [3713032 2012-11-13] (Safer-Networking Ltd.)
Tcpip\Parameters: [DhcpNameServer] 193.213.112.4 130.67.15.198 10.0.0.138
Tcpip\..\Interfaces\{E9EED517-B476-4CF0-A4A6-A141B63A5AB4}: [NameServer]8.8.8.8,8.8.4.4

==================== Services (Whitelisted) ===================

2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-12-23] ()
2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-12-23] (ASUSTeK Computer Inc.)
2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-12-23] (ASUSTeK Computer Inc.)
2 AsusFanControlService; "C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe" [1457664 2012-12-23] (ASUSTeK Computer Inc.)
2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-29] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-29] (Malwarebytes Corporation)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [22056 2013-01-27] (Microsoft Corporation)
2 NeroMediaHomeService.4; "C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe" [517416 2012-02-28] (Nero AG)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [379360 2013-01-27] (Microsoft Corporation)
2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) =====================

3 AiChargerPlus; C:\Windows\SysWow64\Drivers\AiChargerPlus.sys [14848 2012-04-19] (ASUSTek Computer Inc.)
1 AsIO; C:\Windows\SysWow64\Drivers\AsIO.sys [13440 2012-12-23] ()
1 AsUpIO; C:\Windows\SysWow64\Drivers\AsUpIO.sys [14464 2012-12-23] ()
3 ASUSFILTER; C:\Windows\SysWow64\Drivers\ASUSFILTER.sys [46152 2012-12-23] (MCCI Corporation)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [25928 2012-09-29] (Malwarebytes Corporation)
0 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
3 SAlphamHid; C:\Windows\System32\DRIVERS\SAlpham64.sys [38016 2012-10-15] (SteelSeries Corporation)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2012-12-23] (Duplex Secure Ltd.)
3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2013-02-18 21:40 - 2013-02-18 21:40 - 00000000 ____D C:\FRST
2013-02-18 20:53 - 2013-02-18 20:53 - 00000781 ____A C:\Windows\setupact.log
2013-02-18 20:53 - 2013-02-18 20:53 - 00000000 ____A C:\Windows\setuperr.log
2013-02-18 20:15 - 2013-02-18 20:15 - 00001568 ____A C:\Users\Jon\Desktop\RKreport[5]_SC_02182013_02d2015.txt
2013-02-18 20:13 - 2013-02-18 20:13 - 00002666 ____A C:\Users\Jon\Desktop\RKreport[4]_D_02182013_02d2013.txt
2013-02-18 20:10 - 2013-02-18 20:10 - 00002625 ____A C:\Users\Jon\Desktop\RKreport[3]_S_02182013_02d2010.txt
2013-02-18 20:07 - 2013-02-18 20:07 - 00798208 ____A C:\Users\Jon\Desktop\RogueKiller (1).exe
2013-02-18 19:59 - 2013-02-18 19:59 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Jon\Desktop\tdsskiller (1).exe
2013-02-18 11:18 - 2013-02-18 11:18 - 00002792 ____A C:\Users\Jon\Desktop\RKreport[2]_D_02182013_02d1118.txt
2013-02-18 11:15 - 2013-02-18 11:15 - 00002737 ____A C:\Users\Jon\Desktop\RKreport[1]_S_02182013_02d1115.txt
2013-02-18 11:14 - 2013-02-18 20:12 - 00000000 ____D C:\Users\Jon\Desktop\RK_Quarantine
2013-02-18 11:13 - 2013-02-18 11:13 - 00798208 ____A C:\Users\Jon\Downloads\RogueKiller.exe
2013-02-18 07:25 - 2013-02-18 09:17 - 00000000 ____D C:\Program Files (x86)\Trojan SVCHOSTRemoval Tool
2013-02-18 07:25 - 2013-02-18 07:25 - 00001365 ____A C:\Users\Jon\Desktop\Trojan SVCHOSTRemoval Tool.lnk
2013-02-18 07:25 - 2012-12-10 10:04 - 00356352 ____A (eSellerate Inc.) C:\Windows\eSellerateEngine.dll
2013-02-18 07:25 - 2012-12-10 10:04 - 00081920 ____A (eSellerate Inc.) C:\Windows\eSellerateControl350.dll
2013-02-18 07:25 - 2009-07-23 17:32 - 01122304 ____A (The OpenSSL Project, http://www.openssl.org/) C:\Windows\SysWOW64\libeay32.dll
2013-02-18 07:25 - 2009-07-23 17:32 - 00274432 ____A (The OpenSSL Project, http://www.openssl.org/) C:\Windows\SysWOW64\ssleay32.dll
2013-02-18 07:23 - 2013-02-18 07:23 - 02729904 ____A (Security Stronghold ) C:\Users\Jon\Downloads\TrojanSVCHOSTRemovalTool.exe
2013-02-18 07:20 - 2013-02-18 07:20 - 00000000 ____D C:\Program Files\CCleaner
2013-02-18 07:19 - 2013-02-18 07:19 - 04189792 ____A (Piriform Ltd) C:\Users\Jon\Downloads\ccsetup327.exe
2013-02-18 07:13 - 2013-02-18 07:13 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Jon\Downloads\tdsskiller.exe
2013-02-18 07:03 - 2013-02-18 07:04 - 19139088 ____A (Microsoft Corporation) C:\Users\Jon\Downloads\Windows-KB890830-x64-V4.17.exe
2013-02-18 06:58 - 2013-02-18 07:26 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-02-18 06:58 - 2013-02-18 06:58 - 00002173 ____A C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-02-18 06:58 - 2013-02-18 06:58 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-02-18 06:58 - 2009-01-25 12:14 - 00017272 ____A (Safer Networking Limited) C:\Windows\System32\sdnclean64.exe
2013-02-18 06:57 - 2013-02-18 06:57 - 55454464 ____A (Safer-Networking Ltd. ) C:\Users\Jon\Downloads\SpybotSD2.exe
2013-02-18 06:01 - 2013-01-09 07:02 - 08390656 ____A C:\Users\Jon\Desktop\Rampage-IV-Extreme-ASUS-3404.CAP
2013-02-18 05:59 - 2013-02-18 05:59 - 04331547 ____A C:\Users\Jon\Downloads\Rampage-IV-Extreme-ASUS-3404.zip
2013-02-17 10:26 - 2013-02-17 10:27 - 49227190 ____A C:\Users\Jon\Downloads\DCPlusPlus-0.810.exe
2013-02-16 06:49 - 2013-02-16 06:49 - 00001757 ____A C:\Users\Jon\Desktop\Spotify.lnk
2013-02-16 06:49 - 2013-02-16 06:49 - 00000000 ____D C:\Users\Jon\AppData\Local\Spotify
2013-02-16 06:48 - 2013-02-18 06:45 - 00000000 ____D C:\Users\Jon\AppData\Roaming\Spotify
2013-02-16 06:48 - 2013-02-16 06:48 - 00090624 ____A (Spotify Ltd) C:\Users\Jon\Downloads\SpotifySetup.exe
2013-02-14 19:33 - 2013-02-14 19:33 - 04873520 ____A C:\Users\Jon\Downloads\YTDSetup.exe
2013-02-13 19:12 - 2013-02-13 19:12 - 00000000 ____D C:\Users\Jon\AppData\Local\DDMSettings
2013-02-13 16:52 - 2013-01-09 02:48 - 17812992 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-02-13 16:52 - 2013-01-09 02:22 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-02-13 16:52 - 2013-01-09 02:19 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-02-13 16:52 - 2013-01-09 02:12 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-02-13 16:52 - 2013-01-09 02:12 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-02-13 16:52 - 2013-01-09 02:11 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-02-13 16:52 - 2013-01-09 02:10 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-02-13 16:52 - 2013-01-09 02:09 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-02-13 16:52 - 2013-01-09 02:07 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-02-13 16:52 - 2013-01-09 02:07 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-02-13 16:52 - 2013-01-09 02:07 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-02-13 16:52 - 2013-01-09 02:06 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-02-13 16:52 - 2013-01-09 02:05 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-02-13 16:52 - 2013-01-09 02:04 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-02-13 16:52 - 2013-01-09 02:04 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-02-13 16:52 - 2013-01-09 02:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-02-13 16:52 - 2013-01-08 23:23 - 12321280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-02-13 16:52 - 2013-01-08 23:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-02-13 16:52 - 2013-01-08 23:09 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-02-13 16:52 - 2013-01-08 23:03 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-02-13 16:52 - 2013-01-08 23:03 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-02-13 16:52 - 2013-01-08 23:03 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-02-13 16:52 - 2013-01-08 23:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-02-13 16:52 - 2013-01-08 23:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-02-13 16:52 - 2013-01-08 22:59 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-02-13 16:52 - 2013-01-08 22:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-02-13 16:52 - 2013-01-08 22:58 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-02-13 16:52 - 2013-01-08 22:57 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-02-13 16:52 - 2013-01-08 22:56 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-02-13 16:52 - 2013-01-08 22:56 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-02-13 16:52 - 2013-01-08 22:56 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-02-13 16:52 - 2013-01-08 22:53 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-02-13 11:13 - 2013-02-13 11:13 - 00001912 ____A C:\Windows\epplauncher.mif
2013-02-13 11:08 - 2013-01-05 06:53 - 05553512 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-02-13 11:08 - 2013-01-05 06:00 - 03967848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-02-13 11:08 - 2013-01-05 06:00 - 03913064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-02-13 11:07 - 2013-01-04 06:46 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-02-13 11:07 - 2013-01-04 05:51 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-02-13 11:07 - 2013-01-04 04:26 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-02-13 11:07 - 2013-01-04 03:47 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-02-13 11:07 - 2013-01-04 03:47 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-02-13 11:07 - 2013-01-04 03:47 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-02-13 11:07 - 2013-01-04 03:47 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-02-13 11:06 - 2013-01-03 07:00 - 01913192 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-02-13 11:06 - 2013-01-03 07:00 - 00288088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2013-02-13 10:57 - 2013-02-13 10:57 - 00000000 ____D C:\Users\Jon\AppData\Local\FLT
2013-02-13 10:47 - 2013-02-14 09:05 - 00009216 __ASH C:\Users\Jon\Desktop\Thumbs.db
2013-02-13 10:38 - 2013-02-13 16:57 - 01333634 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-02-13 08:28 - 2013-02-13 08:28 - 00262560 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-02-13 08:28 - 2013-02-13 08:28 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-02-13 08:28 - 2013-02-13 08:28 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-02-13 08:28 - 2013-02-13 08:28 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-02-13 08:28 - 2013-02-13 08:28 - 00000000 ____D C:\Program Files (x86)\Java
2013-02-11 16:42 - 2013-02-11 16:42 - 00000000 ____D C:\Users\Jon\AppData\Roaming\HackSlashLoot
2013-02-10 22:45 - 2013-02-10 23:01 - 00000000 ____D C:\Users\Jon\AppData\Roaming\Might & Magic Heroes VI
2013-02-10 22:45 - 2013-02-10 23:01 - 00000000 ____D C:\Users\Jon\AppData\Local\Ubisoft Game Launcher
2013-02-10 22:45 - 2013-02-10 22:51 - 00000000 ____D C:\Users\Jon\Documents\Might & Magic Heroes VI
2013-02-10 22:36 - 2013-02-10 22:36 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2013-02-10 17:36 - 2013-02-10 17:36 - 00000000 ____D C:\Users\Jon\Desktop\Ny mappe
2013-02-10 08:12 - 2013-02-10 08:12 - 00001545 ____A C:\Users\Jon\Desktop\dont rain on my parade.txt
2013-02-09 07:13 - 2013-02-09 07:13 - 00001098 ____A C:\Users\Jon\Desktop\Heroes3 - Snarvei.lnk
2013-02-09 04:09 - 2013-02-09 04:39 - 00000000 ____D C:\Users\Jon\AppData\Roaming\Omerta
2013-02-07 11:00 - 2013-02-07 11:00 - 00000000 ____D C:\Users\Jon\AppData\Local\Funcom
2013-02-05 10:46 - 2013-02-05 10:46 - 00000000 ____D C:\Users\Jon\AppData\Local\PunkBuster
2013-02-05 10:46 - 2013-02-05 10:46 - 00000000 ____D C:\ProgramData\Orbit
2013-02-05 10:21 - 2013-02-14 09:08 - 00000000 ____D C:\Program Files (x86)\WinRAR
2013-02-04 15:13 - 2013-02-04 15:13 - 00000000 ____D C:\Users\Jon\AppData\Roaming\Windows Live Writer
2013-02-04 15:13 - 2013-02-04 15:13 - 00000000 ____D C:\Users\Jon\AppData\Local\Windows Live Writer
2013-02-04 02:21 - 2013-02-04 02:21 - 00000000 ____D C:\ProgramData\TERA
2013-02-03 04:53 - 2013-02-03 04:53 - 00000000 ____D C:\Users\Jon\AppData\Local\SCE
2013-02-03 01:48 - 2013-02-03 01:48 - 00000000 ____D C:\ProgramData\ATI
2013-02-03 01:48 - 2013-02-03 01:48 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2013-02-03 01:48 - 2013-02-03 01:48 - 00000000 ____D C:\Program Files (x86)\AMD APP
2013-02-03 01:41 - 2013-02-03 01:43 - 153548912 ____A (Advanced Micro Devices, Inc.) C:\Users\Jon\Downloads\13-1_vista_win7_win8_64_dd_ccc_whql.exe
2013-01-30 04:42 - 2013-01-30 04:42 - 00000000 ____D C:\ProgramData\Steam
2013-01-29 03:25 - 2013-01-29 03:26 - 00000000 ____D C:\xenomorph
2013-01-28 18:16 - 2013-02-18 08:19 - 00000000 ____D C:\Users\Jon\AppData\Roaming\DC++
2013-01-28 18:16 - 2013-02-18 08:19 - 00000000 ____D C:\Users\Jon\AppData\Local\DC++
2013-01-28 18:15 - 2013-01-28 18:16 - 00000000 ____D C:\Program Files (x86)\DC++
2013-01-28 15:41 - 2013-01-28 15:41 - 00000000 ____D C:\Users\NeroMediaHomeUser.4\AppData\Roaming\Nero
2013-01-28 15:31 - 2013-01-30 06:15 - 00000000 ____D C:\users\NeroMediaHomeUser.4
2013-01-28 15:31 - 2013-01-28 15:31 - 00000020 ___SH C:\Users\NeroMediaHomeUser.4\ntuser.ini
2013-01-28 15:31 - 2013-01-28 15:31 - 00000000 __SHD C:\Users\NeroMediaHomeUser.4\Start-meny
2013-01-28 15:31 - 2013-01-28 15:31 - 00000000 __SHD C:\Users\NeroMediaHomeUser.4\Skrivere
2013-01-28 15:31 - 2013-01-28 15:31 - 00000000 __SHD C:\Users\NeroMediaHomeUser.4\Mine dokumenter
2013-01-28 15:31 - 2013-01-28 15:31 - 00000000 __SHD C:\Users\NeroMediaHomeUser.4\Maler
2013-01-28 15:31 - 2013-01-28 15:31 - 00000000 __SHD C:\Users\NeroMediaHomeUser.4\Lokale innstillinger
2013-01-28 15:31 - 2013-01-28 15:31 - 00000000 __SHD C:\Users\NeroMediaHomeUser.4\Documents\Mine bilder
2013-01-28 15:31 - 2013-01-28 15:31 - 00000000 __SHD C:\Users\NeroMediaHomeUser.4\Documents\Min musikk
2013-01-28 15:31 - 2013-01-28 15:31 - 00000000 __SHD C:\Users\NeroMediaHomeUser.4\Documents\Intern video
2013-01-28 15:31 - 2013-01-28 15:31 - 00000000 __SHD C:\Users\NeroMediaHomeUser.4\AppData\Local\Logg
2013-01-28 15:31 - 2013-01-28 15:31 - 00000000 __SHD C:\Users\NeroMediaHomeUser.4\AndrMask
2013-01-28 15:31 - 2013-01-28 15:31 - 00000000 ____D C:\Users\NeroMediaHomeUser.4\AppData\Local\Nero
2013-01-28 15:31 - 2013-01-28 15:31 - 00000000 ____D C:\Users\Jon\AppData\Roaming\Nero
2013-01-28 15:31 - 2013-01-28 15:31 - 00000000 ____D C:\Users\Jon\AppData\Local\Nero
2013-01-28 15:29 - 2013-01-28 15:31 - 00000000 ____D C:\ProgramData\Nero
2013-01-28 15:29 - 2013-01-28 15:30 - 00000000 ____D C:\Program Files (x86)\Nero
2013-01-28 15:29 - 2013-01-28 15:29 - 00002383 ____A C:\Users\Public\Desktop\Nero MediaHome 4.lnk
2013-01-28 15:21 - 2013-01-28 15:22 - 85139100 ____A C:\Users\Jon\Downloads\NMH-4.5.20.45_LGE.zip
2013-01-27 23:46 - 2013-01-28 00:02 - 00000000 ____D C:\Users\Jon\Documents\Euro Truck Simulator 2
2013-01-27 02:39 - 2013-01-27 02:39 - 00000000 ____D C:\Windows\1C4551A64743409391E41477CD655043.TMP
2013-01-27 01:51 - 2013-01-27 01:58 - 00000000 ____D C:\Users\Jon\Documents\SEGA Mega Drive Classics
2013-01-26 21:41 - 2013-01-26 21:40 - 01081760 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2013-01-26 21:41 - 2013-01-26 21:40 - 00960416 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2013-01-26 21:41 - 2013-01-26 21:40 - 00308640 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-01-26 21:41 - 2013-01-26 21:40 - 00188832 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-01-26 21:41 - 2013-01-26 21:40 - 00188832 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-01-26 21:41 - 2013-01-26 21:40 - 00108448 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2013-01-26 21:40 - 2013-01-26 21:40 - 00000000 ____D C:\Program Files\Java
2013-01-26 21:30 - 2013-02-13 17:00 - 00000000 ____D C:\Users\Jon\AppData\Roaming\.minecraft
2013-01-26 21:30 - 2013-01-26 21:30 - 00263186 ____A C:\Users\Jon\Desktop\Minecraft.exe
2013-01-26 21:00 - 2013-01-26 21:04 - 00000000 ____D C:\Users\Jon\AppData\Roaming\NationRed
2013-01-26 20:42 - 2013-01-26 20:42 - 00000000 ____D C:\ProgramData\Remedy
2013-01-20 15:59 - 2013-01-20 15:59 - 00230320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
2013-01-19 17:43 - 2013-01-19 17:43 - 00000000 ____D C:\Windows\SysWOW64\xlive
2013-01-19 17:43 - 2013-01-19 17:43 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2013-01-19 17:43 - 2008-07-12 08:18 - 04992520 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_39.dll
2013-01-19 17:43 - 2008-07-12 08:18 - 03851784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2013-01-19 17:43 - 2008-07-12 08:18 - 01942552 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_39.dll
2013-01-19 17:43 - 2008-07-12 08:18 - 01493528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2013-01-19 17:43 - 2008-07-12 08:18 - 00540688 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_39.dll
2013-01-19 17:43 - 2008-07-12 08:18 - 00467984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2013-01-19 05:31 - 2013-01-19 05:31 - 00000000 ____D C:\Users\Jon\Documents\Gaslamp Games
2013-01-19 03:06 - 2013-01-19 03:06 - 00000000 ____D C:\Users\Jon\AppData\Local\2K Games
2013-01-19 03:06 - 2013-01-19 03:06 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-01-19 01:07 - 2013-01-19 01:07 - 00013057 ____A C:\Users\Jon\Desktop\Lyd - Snarvei.lnk

==================== One Month Modified Files and Folders =======

2013-02-18 21:40 - 2013-02-18 21:40 - 00000000 ____D C:\FRST
2013-02-18 21:00 - 2012-12-23 05:30 - 00000000 ____D C:\users\Jon
2013-02-18 21:00 - 2012-12-23 05:29 - 01848220 ____A C:\Windows\WindowsUpdate.log
2013-02-18 20:56 - 2009-07-14 10:16 - 00492494 ____A C:\Windows\System32\perfh014.dat
2013-02-18 20:56 - 2009-07-14 10:16 - 00094284 ____A C:\Windows\System32\perfc014.dat
2013-02-18 20:56 - 2009-07-14 06:13 - 01355478 ____A C:\Windows\System32\PerfStringBackup.INI
2013-02-18 20:53 - 2013-02-18 20:53 - 00000781 ____A C:\Windows\setupact.log
2013-02-18 20:53 - 2013-02-18 20:53 - 00000000 ____A C:\Windows\setuperr.log
2013-02-18 20:35 - 2012-12-23 06:06 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-02-18 20:15 - 2013-02-18 20:15 - 00001568 ____A C:\Users\Jon\Desktop\RKreport[5]_SC_02182013_02d2015.txt
2013-02-18 20:13 - 2013-02-18 20:13 - 00002666 ____A C:\Users\Jon\Desktop\RKreport[4]_D_02182013_02d2013.txt
2013-02-18 20:12 - 2013-02-18 11:14 - 00000000 ____D C:\Users\Jon\Desktop\RK_Quarantine
2013-02-18 20:10 - 2013-02-18 20:10 - 00002625 ____A C:\Users\Jon\Desktop\RKreport[3]_S_02182013_02d2010.txt
2013-02-18 20:08 - 2012-12-23 07:49 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner
2013-02-18 20:07 - 2013-02-18 20:07 - 00798208 ____A C:\Users\Jon\Desktop\RogueKiller (1).exe
2013-02-18 19:59 - 2013-02-18 19:59 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Jon\Desktop\tdsskiller (1).exe
2013-02-18 11:21 - 2009-07-14 05:45 - 00013440 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-02-18 11:21 - 2009-07-14 05:45 - 00013440 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-02-18 11:18 - 2013-02-18 11:18 - 00002792 ____A C:\Users\Jon\Desktop\RKreport[2]_D_02182013_02d1118.txt
2013-02-18 11:15 - 2013-02-18 11:15 - 00002737 ____A C:\Users\Jon\Desktop\RKreport[1]_S_02182013_02d1115.txt
2013-02-18 11:13 - 2013-02-18 11:13 - 00798208 ____A C:\Users\Jon\Downloads\RogueKiller.exe
2013-02-18 11:02 - 2012-12-23 08:03 - 00000000 ____D C:\Users\Jon\AppData\Roaming\Winamp
2013-02-18 09:17 - 2013-02-18 07:25 - 00000000 ____D C:\Program Files (x86)\Trojan SVCHOSTRemoval Tool
2013-02-18 08:52 - 2012-12-26 16:59 - 00000000 ____D C:\Users\Jon\AppData\Roaming\Skype
2013-02-18 08:48 - 2012-12-23 08:01 - 00000000 ____D C:\Users\Jon\AppData\Roaming\mIRC
2013-02-18 08:19 - 2013-01-28 18:16 - 00000000 ____D C:\Users\Jon\AppData\Roaming\DC++
2013-02-18 08:19 - 2013-01-28 18:16 - 00000000 ____D C:\Users\Jon\AppData\Local\DC++
2013-02-18 07:29 - 2013-01-09 12:08 - 00000000 ____D C:\Users\Jon\AppData\Roaming\Media Player Classic
2013-02-18 07:29 - 2013-01-08 18:11 - 00000000 ____D C:\Users\Jon\AppData\Roaming\Azureus
2013-02-18 07:29 - 2012-12-27 05:20 - 00000000 ____D C:\Users\Jon\Tracing
2013-02-18 07:29 - 2012-12-23 07:32 - 00000000 ____D C:\Users\Jon\AppData\Roaming\DAEMON Tools Lite
2013-02-18 07:29 - 2012-12-23 07:17 - 00000000 ____D C:\Users\Jon\AppData\Roaming\uTorrent
2013-02-18 07:29 - 2012-12-23 05:22 - 00000000 ____D C:\Windows\Panther
2013-02-18 07:26 - 2013-02-18 06:58 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-02-18 07:25 - 2013-02-18 07:25 - 00001365 ____A C:\Users\Jon\Desktop\Trojan SVCHOSTRemoval Tool.lnk
2013-02-18 07:23 - 2013-02-18 07:23 - 02729904 ____A (Security Stronghold ) C:\Users\Jon\Downloads\TrojanSVCHOSTRemovalTool.exe
2013-02-18 07:20 - 2013-02-18 07:20 - 00000000 ____D C:\Program Files\CCleaner
2013-02-18 07:19 - 2013-02-18 07:19 - 04189792 ____A (Piriform Ltd) C:\Users\Jon\Downloads\ccsetup327.exe
2013-02-18 07:13 - 2013-02-18 07:13 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Jon\Downloads\tdsskiller.exe
2013-02-18 07:04 - 2013-02-18 07:03 - 19139088 ____A (Microsoft Corporation) C:\Users\Jon\Downloads\Windows-KB890830-x64-V4.17.exe
2013-02-18 06:58 - 2013-02-18 06:58 - 00002173 ____A C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-02-18 06:58 - 2013-02-18 06:58 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-02-18 06:57 - 2013-02-18 06:57 - 55454464 ____A (Safer-Networking Ltd. ) C:\Users\Jon\Downloads\SpybotSD2.exe
2013-02-18 06:45 - 2013-02-16 06:48 - 00000000 ____D C:\Users\Jon\AppData\Roaming\Spotify
2013-02-18 06:45 - 2013-01-16 13:15 - 00000982 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-02-18 06:45 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-02-18 06:01 - 2012-12-23 06:46 - 05455248 ____A C:\Windows\PE_File.dll
2013-02-18 06:01 - 2012-12-23 06:45 - 05465008 ____A C:\Windows\PE_Rom.dll
2013-02-18 05:59 - 2013-02-18 05:59 - 04331547 ____A C:\Users\Jon\Downloads\Rampage-IV-Extreme-ASUS-3404.zip
2013-02-17 10:27 - 2013-02-17 10:26 - 49227190 ____A C:\Users\Jon\Downloads\DCPlusPlus-0.810.exe
2013-02-16 06:49 - 2013-02-16 06:49 - 00001757 ____A C:\Users\Jon\Desktop\Spotify.lnk
2013-02-16 06:49 - 2013-02-16 06:49 - 00000000 ____D C:\Users\Jon\AppData\Local\Spotify
2013-02-16 06:48 - 2013-02-16 06:48 - 00090624 ____A (Spotify Ltd) C:\Users\Jon\Downloads\SpotifySetup.exe
2013-02-14 19:33 - 2013-02-14 19:33 - 04873520 ____A C:\Users\Jon\Downloads\YTDSetup.exe
2013-02-14 09:08 - 2013-02-05 10:21 - 00000000 ____D C:\Program Files (x86)\WinRAR
2013-02-14 09:05 - 2013-02-13 10:47 - 00009216 __ASH C:\Users\Jon\Desktop\Thumbs.db
2013-02-14 03:17 - 2013-01-16 13:15 - 00000986 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-02-14 03:16 - 2009-07-14 05:45 - 00277968 ____A C:\Windows\System32\FNTCACHE.DAT
2013-02-14 03:00 - 2012-12-23 06:10 - 00000000 ____D C:\Users\Jon\AppData\Local\Deployment
2013-02-13 19:12 - 2013-02-13 19:12 - 00000000 ____D C:\Users\Jon\AppData\Local\DDMSettings
2013-02-13 17:29 - 2013-01-08 02:38 - 00000000 ____D C:\Users\Jon\Documents\StarCraft II
2013-02-13 17:00 - 2013-01-26 21:30 - 00000000 ____D C:\Users\Jon\AppData\Roaming\.minecraft
2013-02-13 16:57 - 2013-02-13 10:38 - 01333634 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-02-13 16:33 - 2012-12-23 07:23 - 00000000 ____D C:\Program Files (x86)\DivX
2013-02-13 16:33 - 2012-12-23 07:20 - 00000000 ____D C:\ProgramData\DivX
2013-02-13 16:32 - 2012-12-23 07:24 - 00000000 ____D C:\Program Files\DivX
2013-02-13 11:13 - 2013-02-13 11:13 - 00001912 ____A C:\Windows\epplauncher.mif
2013-02-13 11:13 - 2012-12-23 06:34 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-02-13 11:13 - 2012-12-23 06:34 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-02-13 10:57 - 2013-02-13 10:57 - 00000000 ____D C:\Users\Jon\AppData\Local\FLT
2013-02-13 10:57 - 2012-12-23 10:03 - 00000000 ____D C:\Users\Jon\Documents\my games
2013-02-13 10:48 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-02-13 08:28 - 2013-02-13 08:28 - 00262560 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-02-13 08:28 - 2013-02-13 08:28 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-02-13 08:28 - 2013-02-13 08:28 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-02-13 08:28 - 2013-02-13 08:28 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-02-13 08:28 - 2013-02-13 08:28 - 00000000 ____D C:\Program Files (x86)\Java
2013-02-13 08:28 - 2012-12-23 07:56 - 00861088 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-02-13 08:28 - 2012-12-23 07:56 - 00782240 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-02-11 16:42 - 2013-02-11 16:42 - 00000000 ____D C:\Users\Jon\AppData\Roaming\HackSlashLoot
2013-02-11 11:11 - 2012-12-23 06:05 - 00000000 ____D C:\ProgramData\Adobe
2013-02-11 11:10 - 2012-12-23 06:06 - 00697712 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-02-11 11:10 - 2012-12-23 06:06 - 00074096 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-02-10 23:01 - 2013-02-10 22:45 - 00000000 ____D C:\Users\Jon\AppData\Roaming\Might & Magic Heroes VI
2013-02-10 23:01 - 2013-02-10 22:45 - 00000000 ____D C:\Users\Jon\AppData\Local\Ubisoft Game Launcher
2013-02-10 22:51 - 2013-02-10 22:45 - 00000000 ____D C:\Users\Jon\Documents\Might & Magic Heroes VI
2013-02-10 22:36 - 2013-02-10 22:36 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2013-02-10 22:36 - 2012-12-23 06:26 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2013-02-10 17:36 - 2013-02-10 17:36 - 00000000 ____D C:\Users\Jon\Desktop\Ny mappe
2013-02-10 08:12 - 2013-02-10 08:12 - 00001545 ____A C:\Users\Jon\Desktop\dont rain on my parade.txt
2013-02-09 07:13 - 2013-02-09 07:13 - 00001098 ____A C:\Users\Jon\Desktop\Heroes3 - Snarvei.lnk
2013-02-09 04:39 - 2013-02-09 04:09 - 00000000 ____D C:\Users\Jon\AppData\Roaming\Omerta
2013-02-07 11:00 - 2013-02-07 11:00 - 00000000 ____D C:\Users\Jon\AppData\Local\Funcom
2013-02-06 06:09 - 2013-01-16 12:23 - 00000000 ____D C:\Users\Jon\Documents\EA Games
2013-02-06 06:09 - 2013-01-16 12:20 - 00000000 ____D C:\Users\Jon\AppData\Local\EA Games
2013-02-05 10:46 - 2013-02-05 10:46 - 00000000 ____D C:\Users\Jon\AppData\Local\PunkBuster
2013-02-05 10:46 - 2013-02-05 10:46 - 00000000 ____D C:\ProgramData\Orbit
2013-02-04 22:49 - 2012-12-26 17:06 - 70004024 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-02-04 15:13 - 2013-02-04 15:13 - 00000000 ____D C:\Users\Jon\AppData\Roaming\Windows Live Writer
2013-02-04 15:13 - 2013-02-04 15:13 - 00000000 ____D C:\Users\Jon\AppData\Local\Windows Live Writer
2013-02-04 15:13 - 2012-12-26 16:09 - 00000000 ____D C:\Users\Jon\AppData\Local\Windows Live
2013-02-04 13:21 - 2012-12-23 07:25 - 00000000 ____D C:\Users\Jon\AppData\Roaming\DivX
2013-02-04 02:21 - 2013-02-04 02:21 - 00000000 ____D C:\ProgramData\TERA
2013-02-03 04:53 - 2013-02-03 04:53 - 00000000 ____D C:\Users\Jon\AppData\Local\SCE
2013-02-03 01:48 - 2013-02-03 01:48 - 00000000 ____D C:\ProgramData\ATI
2013-02-03 01:48 - 2013-02-03 01:48 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2013-02-03 01:48 - 2013-02-03 01:48 - 00000000 ____D C:\Program Files (x86)\AMD APP
2013-02-03 01:48 - 2012-12-23 06:06 - 00000000 ____D C:\ProgramData\AMD
2013-02-03 01:47 - 2012-12-25 19:46 - 00000000 ____D C:\Program Files\ATI Technologies
2013-02-03 01:43 - 2013-02-03 01:41 - 153548912 ____A (Advanced Micro Devices, Inc.) C:\Users\Jon\Downloads\13-1_vista_win7_win8_64_dd_ccc_whql.exe
2013-01-30 11:53 - 2012-12-23 06:46 - 00273840 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-01-30 06:15 - 2013-01-28 15:31 - 00000000 ____D C:\users\NeroMediaHomeUser.4
2013-01-30 04:42 - 2013-01-30 04:42 - 00000000 ____D C:\ProgramData\Steam
2013-01-29 07:15 - 2012-12-30 07:28 - 00419840 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll
2013-01-29 07:15 - 2012-12-30 07:28 - 00413696 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2013-01-29 07:15 - 2012-12-30 07:28 - 00133632 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
2013-01-29 07:15 - 2012-12-30 07:28 - 00110592 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2013-01-29 03:26 - 2013-01-29 03:25 - 00000000 ____D C:\xenomorph
2013-01-28 18:16 - 2013-01-28 18:15 - 00000000 ____D C:\Program Files (x86)\DC++
2013-01-28 18:16 - 2012-12-23 05:30 - 00000000 ____D C:\Users\Jon\AppData\Local\VirtualStore
2013-01-28 15:41 - 2013-01-28 15:41 - 00000000 ____D C:\Users\NeroMediaHomeUser.4\AppData\Roaming\Nero
2013-01-28 15:31 - 2013-01-28 15:31 - 00000020 ___SH C:\Users\NeroMediaHomeUser.4\ntuser.ini
2013-01-28 15:31 - 2013-01-28 15:31 - 00000000 __SHD C:\Users\NeroMediaHomeUser.4\Start-meny
2013-01-28 15:31 - 2013-01-28 15:31 - 00000000 __SHD C:\Users\NeroMediaHomeUser.4\Skrivere
2013-01-28 15:31 - 2013-01-28 15:31 - 00000000 __SHD C:\Users\NeroMediaHomeUser.4\Mine dokumenter
2013-01-28 15:31 - 2013-01-28 15:31 - 00000000 __SHD C:\Users\NeroMediaHomeUser.4\Maler
2013-01-28 15:31 - 2013-01-28 15:31 - 00000000 __SHD C:\Users\NeroMediaHomeUser.4\Lokale innstillinger
2013-01-28 15:31 - 2013-01-28 15:31 - 00000000 __SHD C:\Users\NeroMediaHomeUser.4\Documents\Mine bilder
2013-01-28 15:31 - 2013-01-28 15:31 - 00000000 __SHD C:\Users\NeroMediaHomeUser.4\Documents\Min musikk
2013-01-28 15:31 - 2013-01-28 15:31 - 00000000 __SHD C:\Users\NeroMediaHomeUser.4\Documents\Intern video
2013-01-28 15:31 - 2013-01-28 15:31 - 00000000 __SHD C:\Users\NeroMediaHomeUser.4\AppData\Local\Logg
2013-01-28 15:31 - 2013-01-28 15:31 - 00000000 __SHD C:\Users\NeroMediaHomeUser.4\AndrMask
2013-01-28 15:31 - 2013-01-28 15:31 - 00000000 ____D C:\Users\NeroMediaHomeUser.4\AppData\Local\Nero
2013-01-28 15:31 - 2013-01-28 15:31 - 00000000 ____D C:\Users\Jon\AppData\Roaming\Nero
2013-01-28 15:31 - 2013-01-28 15:31 - 00000000 ____D C:\Users\Jon\AppData\Local\Nero
2013-01-28 15:31 - 2013-01-28 15:29 - 00000000 ____D C:\ProgramData\Nero
2013-01-28 15:30 - 2013-01-28 15:29 - 00000000 ____D C:\Program Files (x86)\Nero
2013-01-28 15:29 - 2013-01-28 15:29 - 00002383 ____A C:\Users\Public\Desktop\Nero MediaHome 4.lnk
2013-01-28 15:22 - 2013-01-28 15:21 - 85139100 ____A C:\Users\Jon\Downloads\NMH-4.5.20.45_LGE.zip
2013-01-28 14:49 - 2012-12-23 05:57 - 00000028 ____A C:\Users\Jon\Desktop\hgp.txt
2013-01-28 00:02 - 2013-01-27 23:46 - 00000000 ____D C:\Users\Jon\Documents\Euro Truck Simulator 2
2013-01-27 07:01 - 2012-12-26 16:59 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-01-27 07:01 - 2012-12-26 16:55 - 00000000 ____D C:\ProgramData\Skype
2013-01-27 07:01 - 2012-12-26 16:55 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-01-27 02:39 - 2013-01-27 02:39 - 00000000 ____D C:\Windows\1C4551A64743409391E41477CD655043.TMP
2013-01-27 01:58 - 2013-01-27 01:51 - 00000000 ____D C:\Users\Jon\Documents\SEGA Mega Drive Classics
2013-01-26 21:40 - 2013-01-26 21:41 - 01081760 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2013-01-26 21:40 - 2013-01-26 21:41 - 00960416 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2013-01-26 21:40 - 2013-01-26 21:41 - 00308640 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-01-26 21:40 - 2013-01-26 21:41 - 00188832 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-01-26 21:40 - 2013-01-26 21:41 - 00188832 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-01-26 21:40 - 2013-01-26 21:41 - 00108448 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2013-01-26 21:40 - 2013-01-26 21:40 - 00000000 ____D C:\Program Files\Java
2013-01-26 21:30 - 2013-01-26 21:30 - 00263186 ____A C:\Users\Jon\Desktop\Minecraft.exe
2013-01-26 21:04 - 2013-01-26 21:00 - 00000000 ____D C:\Users\Jon\AppData\Roaming\NationRed
2013-01-26 20:42 - 2013-01-26 20:42 - 00000000 ____D C:\ProgramData\Remedy
2013-01-20 18:35 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\LiveKernelReports
2013-01-20 15:59 - 2013-01-20 15:59 - 00230320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
2013-01-20 15:59 - 2012-08-30 22:03 - 00130008 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
2013-01-19 17:43 - 2013-01-19 17:43 - 00000000 ____D C:\Windows\SysWOW64\xlive
2013-01-19 17:43 - 2013-01-19 17:43 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2013-01-19 05:31 - 2013-01-19 05:31 - 00000000 ____D C:\Users\Jon\Documents\Gaslamp Games
2013-01-19 03:06 - 2013-01-19 03:06 - 00000000 ____D C:\Users\Jon\AppData\Local\2K Games
2013-01-19 03:06 - 2013-01-19 03:06 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-01-19 01:07 - 2013-01-19 01:07 - 00013057 ____A C:\Users\Jon\Desktop\Lyd - Snarvei.lnk

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-02-13 16:52:28
Restore point made on: 2013-02-17 01:48:40

==================== Memory info ===========================

Percentage of memory in use: 7%
Total physical RAM: 16324.66 MB
Available physical RAM: 15112.61 MB
Total Pagefile: 16322.81 MB
Available Pagefile: 15107.84 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:931.41 GB) (Free:868.53 GB) NTFS
2 Drive d: (Usortert) (Fixed) (Total:1397.26 GB) (Free:295.38 GB) NTFS
3 Drive e: (Spel) (Fixed) (Total:931.51 GB) (Free:642.02 GB) NTFS
4 Drive f: (Nedlasta) (Fixed) (Total:1863.01 GB) (Free:1552.56 GB) NTFS
5 Drive g: (Steam Platform) (Fixed) (Total:1863.01 GB) (Free:419.03 GB) NTFS
6 Drive I: (GRMCULXFRER_NO_DVD) (CDROM) (Total:2.9 GB) (Free:0 GB) UDF
7 Drive j: (KINGSTON) (Removable) (Total:7.23 GB) (Free:7.23 GB) FAT32
8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
9 Drive y: (Reservert av systemet) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disknr. Status Str. Ledig Dyn GPT
-------- ------------- ------- ------- --- ---
Disk 0 Tilkoblet 931 G byte 0 byte
Disk 1 Tilkoblet 1397 G byte 0 byte
Disk 2 Tilkoblet 931 G byte 0 byte
Disk 3 Tilkoblet 1863 G byte 0 byte
Disk 4 Tilkoblet 1863 G byte 0 byte
Disk 5 Tilkoblet 7424 M byte 0 byte


Partitions of Disk 0:
===============

Disk-ID: CB25002E

Partisjonsnr. Type Str. Forskyvning
------------- ---------------- ------- -----------
Partisjon 1 Prim‘r 100 M 1024 K byte
Partisjon 2 Prim‘r 931 G 101 M byte

==================================================================================

Disk: 0
Partisjon 1
Type : 07
Skjult: Nei
Aktiv : Ja
Forskyvning I byte: 1048576

Volumnr. Bks Etikett Fs Type Str. Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volum 1 Y Reservert a NTFS Partisjon 100 M OK

=========================================================

Disk: 0
Partisjon 2
Type : 07
Skjult: Nei
Aktiv : Nei
Forskyvning I byte: 105906176

Volumnr. Bks Etikett Fs Type Str. Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volum 2 C NTFS Partisjon 931 G OK

=========================================================

Partitions of Disk 1:
===============

Disk-ID: 35878E53

Partisjonsnr. Type Str. Forskyvning
------------- ---------------- ------- -----------
Partisjon 1 Prim‘r 1397 G 1024 K byte

==================================================================================

Disk: 1
Partisjon 1
Type : 07
Skjult: Nei
Aktiv : Nei
Forskyvning I byte: 1048576

Volumnr. Bks Etikett Fs Type Str. Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volum 3 D Usortert NTFS Partisjon 1397 G OK

=========================================================

Partitions of Disk 2:
===============

Disk-ID: FF6A79A0

Partisjonsnr. Type Str. Forskyvning
------------- ---------------- ------- -----------
Partisjon 1 Prim‘r 931 G 1024 K byte

==================================================================================

Disk: 2
Partisjon 1
Type : 07
Skjult: Nei
Aktiv : Nei
Forskyvning I byte: 1048576

Volumnr. Bks Etikett Fs Type Str. Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volum 4 E Spel NTFS Partisjon 931 G OK

=========================================================

Partitions of Disk 3:
===============

Disk-ID: BF7BA5D6

Partisjonsnr. Type Str. Forskyvning
------------- ---------------- ------- -----------
Partisjon 1 Prim‘r 1863 G 1024 K byte

==================================================================================

Disk: 3
Partisjon 1
Type : 07
Skjult: Nei
Aktiv : Nei
Forskyvning I byte: 1048576

Volumnr. Bks Etikett Fs Type Str. Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volum 5 F Nedlasta NTFS Partisjon 1863 G OK

=========================================================

Partitions of Disk 4:
===============

Disk-ID: BF7BA5D7

Partisjonsnr. Type Str. Forskyvning
------------- ---------------- ------- -----------
Partisjon 1 Prim‘r 1863 G 1024 K byte

==================================================================================

Disk: 4
Partisjon 1
Type : 07
Skjult: Nei
Aktiv : Nei
Forskyvning I byte: 1048576

Volumnr. Bks Etikett Fs Type Str. Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volum 6 G Steam Platf NTFS Partisjon 1863 G OK

=========================================================

Partitions of Disk 5:
===============

Disk-ID: 04030201

Partisjonsnr. Type Str. Forskyvning
------------- ---------------- ------- -----------
Partisjon 1 Prim‘r 7422 M 1580 K byte

==================================================================================

Disk: 5
Partisjon 1
Type : 0B
Skjult: Nei
Aktiv : Nei
Forskyvning I byte: 1617920

Volumnr. Bks Etikett Fs Type Str. Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volum 7 J KINGSTON FAT32 Flyttbar 7422 M OK

=========================================================

Last Boot: 2013-02-13 02:48

==================== End Of Log =============================

 

[m0nk3n]

Farbar Recovery Scan Tool (x64) Version: 17-02-2013 01
Ran by SYSTEM at 2013-02-18 21:43:01
Running from J:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-14 00:19] - [2009-07-14 02:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-14 00:19] - [2009-07-14 02:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======

 

[Jay Pfoutz]

Check Partitions

Please download Listparts64
Run the tool,
check the "list BCD" box
click "Scan" and post the log (Result.txt) it makes.

 

[m0nk3n]

ListParts by Farbar Version: 16-01-2013
Ran by Jon (administrator) on 19-02-2013 at 20:05:18
Windows 7 (X64)
Running From: C:\Users\Jon\Downloads
Language: 0414
************************************************************

========================= Memory info ======================

Percentage of memory in use: 51%
Total physical RAM: 16324.66 MB
Available physical RAM: 7929.87 MB
Total Pagefile: 32647.51 MB
Available Pagefile: 22625.45 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:931.41 GB) (Free:866.96 GB) NTFS
2 Drive d: (Usortert) (Fixed) (Total:1397.26 GB) (Free:295.38 GB) NTFS
3 Drive e: (Steam Platform) (Fixed) (Total:1863.01 GB) (Free:419.03 GB) NTFS
4 Drive f: (Spel) (Fixed) (Total:931.51 GB) (Free:640.83 GB) NTFS
5 Drive g: (Nedlasta) (Fixed) (Total:1863.01 GB) (Free:1546.46 GB) NTFS

Disknr. Status Str. Ledig Dyn GPT
-------- ------------- ------- ------- --- ---
Disk 0 Tilkoblet 931 G byte 0 byte
Disk 1 Tilkoblet 1863 G byte 0 byte
Disk 2 Tilkoblet 931 G byte 0 byte
Disk 3 Tilkoblet 1863 G byte 0 byte
Disk 4 Tilkoblet 1397 G byte 0 byte


Partitions of Disk 0:
===============

Disk-ID: CB25002E

Partisjonsnr. Type Str. Forskyvning
------------- ---------------- ------- -----------
Partisjon 1 Prim‘r 100 M 1024 K byte
Partisjon 2 Prim‘r 931 G 101 M byte

======================================================================================================

Disk: 0
Partisjon 1
Type : 07
Skjult: Nei
Aktiv : Ja
Forskyvning I byte: 1048576

Volumnr. Bks Etikett Fs Type Str. Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volum 2 Reservert a NTFS Partisjon 100 M OK System

======================================================================================================

Disk: 0
Partisjon 2
Type : 07
Skjult: Nei
Aktiv : Nei
Forskyvning I byte: 105906176

Volumnr. Bks Etikett Fs Type Str. Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volum 3 C NTFS Partisjon 931 G OK Oppstart

======================================================================================================

Partitions of Disk 1:
===============

Disk-ID: BF7BA5D6

Partisjonsnr. Type Str. Forskyvning
------------- ---------------- ------- -----------
Partisjon 1 Prim‘r 1863 G 1024 K byte

======================================================================================================

Disk: 1
Partisjon 1
Type : 07
Skjult: Nei
Aktiv : Nei
Forskyvning I byte: 1048576

Volumnr. Bks Etikett Fs Type Str. Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volum 4 G Nedlasta NTFS Partisjon 1863 G OK

======================================================================================================

Partitions of Disk 2:
===============

Disk-ID: FF6A79A0

Partisjonsnr. Type Str. Forskyvning
------------- ---------------- ------- -----------
Partisjon 1 Prim‘r 931 G 1024 K byte

======================================================================================================

Disk: 2
Partisjon 1
Type : 07
Skjult: Nei
Aktiv : Nei
Forskyvning I byte: 1048576

Volumnr. Bks Etikett Fs Type Str. Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volum 5 F Spel NTFS Partisjon 931 G OK

======================================================================================================

Partitions of Disk 3:
===============

Disk-ID: BF7BA5D7

Partisjonsnr. Type Str. Forskyvning
------------- ---------------- ------- -----------
Partisjon 1 Prim‘r 1863 G 1024 K byte

======================================================================================================

Disk: 3
Partisjon 1
Type : 07
Skjult: Nei
Aktiv : Nei
Forskyvning I byte: 1048576

Volumnr. Bks Etikett Fs Type Str. Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volum 6 E Steam Platf NTFS Partisjon 1863 G OK

======================================================================================================

Partitions of Disk 4:
===============

Disk-ID: 35878E53

Partisjonsnr. Type Str. Forskyvning
------------- ---------------- ------- -----------
Partisjon 1 Prim‘r 1397 G 1024 K byte

======================================================================================================

Disk: 4
Partisjon 1
Type : 07
Skjult: Nei
Aktiv : Nei
Forskyvning I byte: 1048576

Volumnr. Bks Etikett Fs Type Str. Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volum 7 D Usortert NTFS Partisjon 1397 G OK

======================================================================================================

Windows oppstartsbehandling
---------------------------
identifikator {bootmgr}
device partition=\Device\HarddiskVolume1
description Windows Boot Manager
locale nb-NO
inherit {globalsettings}
default {current}
resumeobject {5fd4dc17-4cb8-11e2-9667-abd379d820e7}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30

Windows oppstartslasting
------------------------
identifikator {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale nb-NO
inherit {bootloadersettings}
recoverysequence {5fd4dc19-4cb8-11e2-9667-abd379d820e7}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {5fd4dc17-4cb8-11e2-9667-abd379d820e7}
nx OptIn

Windows oppstartslasting
------------------------
identifikator {5fd4dc19-4cb8-11e2-9667-abd379d820e7}
device ramdisk=[C:]\Recovery\5fd4dc19-4cb8-11e2-9667-abd379d820e7\Winre.wim,{5fd4dc1a-4cb8-11e2-9667-abd379d820e7}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[C:]\Recovery\5fd4dc19-4cb8-11e2-9667-abd379d820e7\Winre.wim,{5fd4dc1a-4cb8-11e2-9667-abd379d820e7}
systemroot \windows
nx OptIn
winpe Yes

Gjenoppta etter dvalemodus
--------------------------
identifikator {5fd4dc17-4cb8-11e2-9667-abd379d820e7}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale nb-NO
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Windows minnetester
-------------------
identifikator {memdiag}
device partition=\Device\HarddiskVolume1
path \boot\memtest.exe
description Windows Minnediagnose
locale nb-NO
inherit {globalsettings}
badmemoryaccess Yes

EMS-innstillinger
-----------------
identifikator {emssettings}
bootems Yes

Feils›kingsinnstillinger
------------------------
identifikator {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM-defekter
------------
identifikator {badmemory}

Globale innstillinger
---------------------
identifikator {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Innstillinger for oppstartslasting
----------------------------------
identifikator {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor-innstillinger
------------------------
identifikator {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Innstillinger for gjenopptakelse
--------------------------------
identifikator {resumeloadersettings}
inherit {globalsettings}

Enhetsalternativer
------------------
identifikator {5fd4dc1a-4cb8-11e2-9667-abd379d820e7}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\5fd4dc19-4cb8-11e2-9667-abd379d820e7\boot.sdi


****** End Of Log ******

 

[Jay Pfoutz]

Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

• Slow computer
• Error messages
• Fake antivirus alerts or the icon in the system tray
• svchost.exe running at 100%
• System crashes or blue screen of death

Note: Absence of issues does not mean that you're protected in the future.

 

[m0nk3n]

I dont think there is anything. I've restarted a couple of times and malwarebytes doesnt find anything anymore. but I ran a program some days ago before I came here that found 3 dll files wich looked suspicious but I dont remember wich program. I dont have it on my computer anymore.

 

[m0nk3n]

Although it is a bit slow during from login to actually begin to start programs.

 

[m0nk3n]

I have spybot 2 on here and it says I might have a rootkit infection. it says

Master Boot Records
5 MBRs checked.
unkown MBRs: Physical drive 2

should I fix mbr on that drive? or do a errorfix?

 

[Jay Pfoutz]

The MBR looked fine earlier when it was checked:

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD10EADS-00L5B1 ATA Device +++++
--- User ---
[MBR] bfee1e1353248b1ab404402a3cc5604b
[BSP] 9488371b38d42e5eb745c9ba0fa07e4b : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST31000528AS ATA Device +++++
--- User ---
[MBR] 5584b46757e24d3c2daf5e602affe2d9
[BSP] 18c9ebb4d18767eb89342d92b4dfff13 : Linux MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953874 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: WDC WD20EARX-00PASB0 ATA Device +++++
--- User ---
[MBR] 5806e0ad5c9b41cb0fd6e945525dd174
[BSP] f97b955cfdc8647899c9bce60a504418 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive3: WDC WD15EARX-00PASB0 ATA Device +++++
--- User ---
[MBR] fe0461a4e18847bfba82bdcb84116d26
[BSP] 89844a27d1e3e1cf6be3ee3cc0a205d0 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1430803 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive4: WDC WD20EARX-00PASB0 ATA Device +++++
--- User ---
[MBR] 52bc9653096a172d7940d2aee92699ac
[BSP] 9f581c53665f591506c8c9c896051c9e : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Let's do the following, please:

avast! aswMBR

Please download aswMBR from here

• Save aswMBR.exe to your Desktop
• Double click aswMBR.exe to run it
• Uncheck "Trace disk IO calls".
• Click the Scan button to start the scan as illustrated below

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

• Once the scan finishes click Save log to save the log to your Desktop
  
  
• Copy and paste the contents of aswMBR.txt back here for review
• Please also find MBR.dat on your Desktop, and rename it to MBRscan.txt. Upload that as well. Do not copy and paste MBR.dat/txt, it needs to be uploaded.

OTL Quick Scan

Please download OTL by OldTimer to your Desktop.

• Close all windows and double click OTL.exe.
• Click Quick Scan button and let the program run uninterrupted.
• It will produce a log for you called OTL.txt, please post it in your next reply.
• You may need to use two posts to get it all.

 

[m0nk3n]

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-21 15:18:06
-----------------------------
15:18:06.459 OS Version: Windows x64 6.1.7601 Service Pack 1
15:18:06.459 Number of processors: 8 586 0x2D07
15:18:06.459 ComputerName: JON-PC UserName: Jon
15:18:08.329 Initialize success
15:18:23.019 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:18:23.023 Disk 0 Vendor: WDC_WD10EADS-00L5B1 01.01A01 Size: 953869MB BusType: 11
15:18:23.027 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
15:18:23.030 Disk 1 Vendor: WDC_WD20EARX-00PASB0 51.0AB51 Size: 1907729MB BusType: 11
15:18:23.034 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP7T0L0-7
15:18:23.038 Disk 2 Vendor: ST31000528AS CC35 Size: 953869MB BusType: 11
15:18:23.043 Disk 3 \Device\Harddisk3\DR3 -> \Device\Ide\IdeDeviceP4T0L0-4
15:18:23.048 Disk 3 Vendor: WDC_WD15EARX-00PASB0 51.0AB51 Size: 1430799MB BusType: 11
15:18:23.051 Disk 4 \Device\Harddisk4\DR4 -> \Device\Ide\IdeDeviceP5T0L0-5
15:18:23.054 Disk 4 Vendor: WDC_WD20EARX-00PASB0 51.0AB51 Size: 1907729MB BusType: 11
15:18:23.069 Disk 0 MBR read successfully
15:18:23.073 Disk 0 MBR scan
15:18:23.077 Disk 0 Windows 7 default MBR code
15:18:23.081 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
15:18:23.098 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
15:18:23.107 Disk 0 scanning C:\Windows\system32\drivers
15:18:29.520 Service scanning
15:18:42.290 Modules scanning
15:18:42.301 Scan finished successfully
15:19:07.491 Disk 0 MBR has been saved successfully to "C:\Users\Jon\Desktop\MBR.dat"
15:19:07.521 The log file has been saved successfully to "C:\Users\Jon\Desktop\aswMBR.txt"

 

[m0nk3n]

Here is the otl txt. was too large +50000 letters.

 

[m0nk3n]

The MBRscan.txt wont upload since its a .dat file idk how to upload that.