[SID 23621] System Infected: Tidserv Activity Detected


This topic is locked

#1 Devonasa (Member, 37 posts)
Hi, Forum,

For the past few weeks I have been getting a few Trojan "pickups" when scanning with Symantec, and the scanner removes them, but I think they keep coming back. And there are loads of pop-ups from Symantec advising about traffic from different IPs being blocked. But when I scan nothing shows up, I'm not sure what is going on? But every time I do a search in Google this pops up....

[SID 23621] System Infected: Tidserv Activity Detected, a few times. I'm mainly using Firefox.

I've seen this asked a few times before, and that is why I was led here, and I hope you can help!

Thanks,
Devonasa


#2 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Hi there, before I can assist I will need to look at your system.



Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

THEN

Download aswMBR.exe (1.8 MB) to your desktop.
Double click aswMBR.exe to run it, then click the "Scan" button to start the scan.

On completion of the scan click Save log, save it to your desktop and post it in your next reply.
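Added example (not part of this thread, and not code from the OTL tool or its author): the checks a helper applies by eye to an OTL log, written as a Python script that flags the lines worth acting on. The sample log is a constructed excerpt modelled on the log posted in this thread; the rule names, severities and the `Finding` type are this example's own, and the rules are generic red flags (a module or Run entry with no publisher under the user profile, a per-user proxy on 127.0.0.1, a missing hosts file, a changed default search engine, zero-byte unpublished files under \Windows or the drive root), not a signature for Tidserv or any other family. OTL's own /md5start directive, which hashes explorer.exe and the other core binaries, is not reproduced here.

```python
"""OTL log triage: the checks a helper applies by eye, as code.

Added example for this thread; not part of the OTL tool or any post in it.
Rule names, severities and the Finding type are this example's own.
"""
import re
from dataclasses import dataclass
from typing import List


@dataclass
class Finding:
    severity: str  # "high": act on it; "review": a human has to decide
    rule: str
    line: str


# Process/module/service/driver entries, e.g.
#   MOD - [date | 000,359,424 | ---- | M] () -- C:\Users\x\AppData\Local\abc.dll
#   DRV - [date | size | ---- | M] () [Kernel | Boot | Running] -- C:\...\sptd.sys -- (sptd)
FILE_ENTRY = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - \[(?P<meta>[^\]]*)\] \((?P<company>[^)]*)\)"
    r"(?: \[(?P<start>[^\]]*)\])? -- (?P<path>.+?)(?: -- \([^)]*\))?$"
)
# Created/modified file listings, e.g.
#   [date | 000,000,000 | ---- | M] () -- C:\Windows\System32\0.949766072073641.exe
FILE_LIST = re.compile(r"^\[(?P<meta>[^\]]*)\] \((?P<company>[^)]*)\) -- (?P<path>.+)$")
# Autostart entries, e.g.
#   O4 - HKU\S-1-5-21-...-1000..\Run: [Xxajamu] C:\Users\x\AppData\Local\abc.dll ()
RUN_ENTRY = re.compile(
    r"^O4 - (?P<hive>\S+)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<target>.*?)"
    r"(?: \((?P<company>[^)]*)\))?$"
)
PROXY = re.compile(r'"ProxyServer" = (?P<value>.+)$')
SEARCH_PREFS = ("FF - prefs.js..keyword.URL",
                "FF - prefs.js..browser.search.defaultenginename")


def _size(meta: str) -> int:
    # meta is 'date | 000,359,424 | attrs | M'; the second field is the byte size
    return int(meta.split("|")[1].strip().replace(",", ""))


def _user_writable(path: str) -> bool:
    p = path.lower()
    return "\\appdata\\" in p or "\\users\\" in p


def _system_location(path: str) -> bool:
    p = path.lower()
    return "\\windows\\" in p or re.match(r"^[a-z]:\\[^\\]+$", p) is not None


def triage(log_text: str) -> List[Finding]:
    """Return the log lines that match a rule, in log order."""
    out: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FILE_ENTRY.match(line)
        if m:
            kind, company, path = m["kind"], m["company"].strip(), m["path"]
            if not company and _user_writable(path):
                out.append(Finding("high", f"{kind} entry with no publisher loaded "
                                   "from a user-writable path", line))
            elif kind == "DRV" and not company and "boot" in (m["start"] or "").lower():
                out.append(Finding("review", "boot-start driver with no publisher; "
                                   "identify the product that installed it", line))
            continue
        m = RUN_ENTRY.match(line)
        if m:
            target, company = m["target"], (m["company"] or "").strip()
            if target != "File not found" and not company and _user_writable(target):
                out.append(Finding("high", "Run key starts an unpublished file "
                                   "from the user profile", line))
            continue
        m = PROXY.search(line)
        if m:
            if re.search(r"127\.0\.0\.1|localhost", m["value"]):
                out.append(Finding("high", "per-user ProxyServer points at loopback: "
                                   "a local process sits in front of the browser", line))
            continue
        if "ConsentPromptBehaviorAdmin = 0" in line:
            out.append(Finding("review", "UAC elevates administrators without prompting", line))
        elif line == "Hosts file not found":
            out.append(Finding("review", "hosts file missing; find out what removed it", line))
        elif line.startswith(SEARCH_PREFS):
            out.append(Finding("review", "Firefox default search or keyword URL changed; "
                               "confirm the user chose it", line))
        else:
            m = FILE_LIST.match(line)
            if (m and not m["company"].strip() and _system_location(m["path"])
                    and _size(m["meta"]) == 0):
                out.append(Finding("review", "zero-byte unpublished file in a system location", line))
    return out


# Constructed excerpt modelled on the log posted in this thread; not the full log.
SAMPLE_LOG = r"""
MOD - [2008/01/19 03:36:48 | 000,359,424 | ---- | M] () -- C:\Users\Devonasa\AppData\Local\exuqovuzitohapu.dll
MOD - [2010/12/09 15:28:24 | 001,226,608 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
DRV - [2011/08/22 20:23:04 | 000,443,448 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
IE - HKU\S-1-5-21-1663229470-2338449591-2720500769-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:18810
FF - prefs.js..browser.search.defaultenginename: "Яндекс"
Hosts file not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKU\S-1-5-21-1663229470-2338449591-2720500769-1000..\Run: [Qdupadava] File not found
O4 - HKU\S-1-5-21-1663229470-2338449591-2720500769-1000..\Run: [Xxajamu] C:\Users\Devonasa\AppData\Local\exuqovuzitohapu.dll ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
[2011/09/01 23:31:38 | 000,000,000 | ---- | M] () -- C:\Windows\System32\0.949766072073641.exe
[2011/08/30 15:37:01 | 000,000,000 | ---- | M] () -- C:\t1e0.4
"""

if __name__ == "__main__":
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: f.severity):
        print(f"[{f.severity}] {f.rule}\n    {f.line}")
```

Run it as a script to print the findings for the sample, or call triage() on the text of a real OTL.txt. The boot-start sptd.sys driver is reported for review rather than as high because drivers with no company name are often legitimate; the log in this thread shows DAEMON Tools Pro installed, which ships that driver, whereas the unpublished DLL under AppData\Local that is both loaded as a module and started from a Run key has no such explanation.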

#3 Devonasa (Topic Starter, Member, 37 posts)
Hi, thanks for the help! Here are the OTL logs:

OTL.txt

OTL logfile created on: 9/3/2011 5:07:37 PM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\Devonasa\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.38 Mb Total Physical Memory | 380.75 Mb Available Physical Memory | 37.57% Memory free
2.24 Gb Paging File | 1.12 Gb Available in Paging File | 50.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 101.64 Gb Total Space | 24.14 Gb Free Space | 23.75% Space Free | Partition Type: NTFS
Drive D: | 10.15 Gb Total Space | 0.09 Gb Free Space | 0.89% Space Free | Partition Type: NTFS

Computer Name: DEVONASA-PC | User Name: Devonasa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/03 16:52:30 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Devonasa\Desktop\OTL.exe
PRC - [2011/09/01 01:25:06 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/08/17 03:29:20 | 004,527,424 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Pro\DTAgent.exe
PRC - [2011/03/15 17:59:32 | 000,312,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2010/12/09 15:28:24 | 001,226,608 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/10/29 15:00:00 | 000,612,168 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2010/07/27 10:31:51 | 000,174,432 | ---- | M] (Impulse Point, LLC) -- C:\Program Files\SafeConnect\scManager.sys
PRC - [2010/07/17 14:04:33 | 000,297,240 | ---- | M] (Impulse Point, LLC) -- C:\Program Files\SafeConnect\SCClient.exe
PRC - [2010/04/01 18:26:03 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2010/02/01 07:13:18 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/12/16 16:44:36 | 003,750,400 | ---- | M] (SafeNet Inc.) -- C:\Windows\System32\hasplms.exe
PRC - [2009/09/17 18:56:58 | 002,477,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2009/09/17 18:38:02 | 001,864,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2009/09/17 18:27:26 | 001,455,432 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2009/07/08 20:14:40 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2009/07/08 20:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2008/01/19 03:38:40 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/15 22:03:36 | 000,109,344 | ---- | M] (Logitech Inc.) -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
PRC - [2006/11/15 22:01:52 | 000,244,512 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
PRC - [2006/11/15 21:58:40 | 000,746,520 | ---- | M] () -- C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
PRC - [2006/11/15 21:57:20 | 000,171,544 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
PRC - [2006/10/31 01:03:48 | 000,284,184 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/01 01:25:07 | 001,001,432 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2010/12/09 15:29:16 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2010/12/09 15:28:24 | 001,226,608 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2009/11/03 19:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2008/01/19 03:36:48 | 000,359,424 | ---- | M] () -- C:\Users\Devonasa\AppData\Local\exuqovuzitohapu.dll
MOD - [2006/11/15 22:01:08 | 001,058,328 | ---- | M] () -- C:\Program Files\Logitech\QuickCam10\LAppRes.DLL
MOD - [2006/11/15 21:58:40 | 000,746,520 | ---- | M] () -- C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
MOD - [2006/11/02 05:46:05 | 000,061,440 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
MOD - [2006/10/31 01:04:12 | 000,022,040 | ---- | M] () -- C:\Program Files\Common Files\Logitech\LComMgr\LCMServerPS.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - [2010/07/27 10:31:51 | 000,174,432 | ---- | M] (Impulse Point, LLC) [Auto | Running] -- C:\Program Files\SafeConnect\scManager.sys -- (SCManager)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/02/05 01:31:56 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/12/16 16:44:36 | 003,750,400 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\System32\hasplms.exe -- (hasplms)
SRV - [2009/09/17 18:56:58 | 002,477,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/09/17 18:38:02 | 001,864,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/09/17 17:21:10 | 000,341,320 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2009/07/13 12:06:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/07/08 20:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/07/08 20:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/01/19 03:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/11/15 22:05:40 | 000,101,152 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2006/11/15 22:03:36 | 000,109,344 | ---- | M] (Logitech Inc.) [Auto | Running] -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)


========== Driver Services (SafeList) ==========

DRV - [2011/08/22 20:23:04 | 000,443,448 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011/08/03 04:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110902.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/08/03 04:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110902.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/07/27 04:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/07/27 04:00:00 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/03/21 20:33:42 | 000,015,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [File_System | Auto | Running] -- C:\Windows\System32\drivers\SymAFR.sys -- (SymAFR)
DRV - [2010/09/10 22:32:20 | 000,167,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wpshelper.sys -- (WpsHelper)
DRV - [2010/06/24 12:01:36 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/12/09 21:27:18 | 000,588,800 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (hardlock)
DRV - [2009/11/04 20:53:40 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/09/17 18:38:10 | 000,092,488 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
DRV - [2009/09/17 18:31:50 | 000,042,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2009/09/03 16:03:48 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/09/03 16:03:48 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/08/26 11:54:38 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009/08/25 20:05:44 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2009/08/25 20:05:42 | 000,320,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2009/08/25 20:05:42 | 000,281,648 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2009/08/20 07:01:50 | 000,356,864 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2009/07/14 12:51:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2009/06/10 09:52:58 | 000,347,648 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2009/05/27 14:31:18 | 000,050,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2006/11/15 22:03:12 | 000,024,736 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2006/11/15 22:02:50 | 001,962,912 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2006/11/15 22:00:56 | 001,678,368 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2006/11/10 23:48:11 | 001,083,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Ultra Vision(UVC)
DRV - [2006/11/10 23:48:00 | 000,040,352 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2006/11/10 23:46:29 | 001,512,224 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2006/11/02 03:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....ponse/index.jsp

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....ponse/index.jsp

IE - HKU\S-1-5-21-1663229470-2338449591-2720500769-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-21-1663229470-2338449591-2720500769-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1663229470-2338449591-2720500769-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1663229470-2338449591-2720500769-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1663229470-2338449591-2720500769-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-1663229470-2338449591-2720500769-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:18810

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Яндекс"
FF - prefs.js..extensions.enabledItems: {99210d54-6321-41e8-bd1b-2b4c55874efb}:1.16
FF - prefs.js..extensions.enabledItems: {6B05BDE5-EBAC-4D82-ABE7-1A6F070E09C0}:1.9.1
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..keyword.URL: "http://yandex.ru/yan...ft=barff&text="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Devonasa\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Devonasa\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Devonasa\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Devonasa\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.21\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/01 01:25:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.21\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/01 01:25:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{6B05BDE5-EBAC-4D82-ABE7-1A6F070E09C0}: C:\Users\Devonasa\AppData\Local\{6B05BDE5-EBAC-4D82-ABE7-1A6F070E09C0} [2011/08/28 01:53:54 | 000,000,000 | ---D | M]

[2010/03/24 11:50:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Devonasa\AppData\Roaming\Mozilla\Extensions
[2011/09/03 16:36:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Devonasa\AppData\Roaming\Mozilla\Firefox\Profiles\m0xqq5lg.default\extensions
[2011/08/17 01:23:36 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\Devonasa\AppData\Roaming\Mozilla\Firefox\Profiles\m0xqq5lg.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/07/08 21:13:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Devonasa\AppData\Roaming\Mozilla\Firefox\Profiles\m0xqq5lg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/20 17:29:50 | 000,000,000 | ---D | M] ("Tumblr Post") -- C:\Users\Devonasa\AppData\Roaming\Mozilla\Firefox\Profiles\m0xqq5lg.default\extensions\{99210d54-6321-41e8-bd1b-2b4c55874efb}
[2011/08/31 15:26:26 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Devonasa\AppData\Roaming\Mozilla\Firefox\Profiles\m0xqq5lg.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/08/12 17:47:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/11/07 00:35:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\App\Photoshop\Plug-ins\Extensions
[2011/08/28 01:53:54 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\DEVONASA\APPDATA\LOCAL\{6B05BDE5-EBAC-4D82-ABE7-1A6F070E09C0}

Hosts file not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] File not found
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()
O4 - HKLM..\Run: [LVCOMSX] C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe (Logitech Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1663229470-2338449591-2720500769-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-1663229470-2338449591-2720500769-1000..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1663229470-2338449591-2720500769-1000..\Run: [Qdupadava] File not found
O4 - HKU\S-1-5-21-1663229470-2338449591-2720500769-1000..\Run: [Xxajamu] C:\Users\Devonasa\AppData\Local\exuqovuzitohapu.dll ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} https://webapps.unf....x64/webinst.cab (WebBasedClientInstall Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FB3AA8F6-0159-4F70-994A-780FCEE470F9}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper: C:\Users\Devonasa\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/09/03 16:52:50 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Devonasa\Desktop\aswMBR.exe
[2011/09/03 16:52:15 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\Devonasa\Desktop\OTL.exe
[2011/09/02 12:35:34 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Devonasa\Desktop\dds(2).scr
[2011/09/02 12:15:32 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Devonasa\Desktop\dds.scr
[2011/08/28 01:53:53 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\AppData\Local\{6B05BDE5-EBAC-4D82-ABE7-1A6F070E09C0}
[2011/08/23 18:27:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CEP for The Sims 2
[2011/08/23 17:37:57 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sims2Pack Clean Installer
[2011/08/23 17:37:57 | 000,000,000 | ---D | C] -- C:\Program Files\Sims2Pack Clean Installer
[2011/08/22 20:55:43 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\EA Games
[2011/08/22 20:23:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Pro
[2011/08/22 20:21:25 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Pro
[2011/08/22 18:01:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
[2011/08/22 17:59:20 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\Documents\EA Games
[2011/08/17 13:44:30 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/08/17 12:53:55 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2011/08/17 02:48:46 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\Adobe Photoshop CS5.1
[2011/08/17 02:45:18 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/08/17 02:44:13 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Download Assistant
[2011/08/17 02:43:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/08/15 00:20:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/08/15 00:20:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/08/10 18:26:46 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/08/10 18:10:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Softwrap
[2011/08/10 18:10:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Fonts
[2011/08/10 18:10:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Config
[2011/08/10 18:10:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Ulead Systems
[2011/08/10 18:10:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ulead GIF Animator 5 TBYB
[2011/08/10 18:10:17 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2011/08/10 18:10:17 | 000,000,000 | ---D | C] -- C:\Program Files\Ulead Systems
[2011/08/10 18:10:07 | 000,000,000 | ---D | C] -- C:\Windows\Noslip
[2011/08/09 01:23:38 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\AppData\Roaming\QuickScan
[2011/08/09 01:21:56 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2011/08/09 01:20:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2011/08/08 01:30:51 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo Layers Runtime
[2011/08/08 01:30:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[28 C:\Users\Devonasa\Documents\*.tmp files -> C:\Users\Devonasa\Documents\*.tmp -> ]
[1 C:\Users\Devonasa\AppData\Local\*.tmp files -> C:\Users\Devonasa\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/03 16:54:26 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Devonasa\Desktop\aswMBR.exe
[2011/09/03 16:52:30 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Devonasa\Desktop\OTL.exe
[2011/09/03 16:51:01 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/03 16:49:04 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1663229470-2338449591-2720500769-1000UA.job
[2011/09/03 16:12:36 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8ED58AD3-8ABB-401C-95E3-4D53772E5585}.job
[2011/09/03 16:01:45 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/03 16:01:45 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/03 14:02:49 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/03 14:01:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/03 14:01:00 | 1061,273,600 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/03 14:00:51 | 191,044,745 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/09/03 13:59:14 | 000,000,000 | ---- | M] () -- C:\Users\Devonasa\AppData\Local\Dzozozofuqoqi.bin
[2011/09/03 13:59:11 | 000,000,120 | ---- | M] () -- C:\Users\Devonasa\AppData\Local\Nwigagu.dat
[2011/09/02 17:00:47 | 000,136,704 | ---- | M] () -- C:\Users\Devonasa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/02 17:00:38 | 295,643,581 | ---- | M] () -- C:\Users\Devonasa\Desktop\RB-DerekCayden.wmv
[2011/09/02 12:49:04 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1663229470-2338449591-2720500769-1000Core.job
[2011/09/02 12:35:39 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Devonasa\Desktop\dds(2).scr
[2011/09/02 12:17:19 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Devonasa\Desktop\dds.scr
[2011/09/01 23:31:38 | 000,000,000 | ---- | M] () -- C:\Windows\System32\0.949766072073641.exe
[2011/08/30 15:37:01 | 000,000,000 | ---- | M] () -- C:\t1e0.4
[2011/08/25 12:45:12 | 000,001,235 | ---- | M] () -- C:\Users\Devonasa\Desktop\Sims2EP9.exe - Shortcut.lnk
[2011/08/25 01:05:49 | 008,191,066 | ---- | M] () -- C:\Users\Devonasa\Documents\Up N Down demo.mp3
[2011/08/23 17:37:57 | 000,001,015 | ---- | M] () -- C:\Users\Devonasa\Desktop\Sims2Pack Clean Installer.lnk
[2011/08/23 14:39:19 | 000,002,186 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 2 Mansion and Garden Stuff.lnk
[2011/08/23 14:15:31 | 000,001,354 | ---- | M] () -- C:\Users\Public\Desktop\www.thesims3.com.lnk
[2011/08/23 14:06:44 | 000,002,090 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 2 Apartment Life.lnk
[2011/08/23 13:55:24 | 000,002,108 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 2 IKEA® Home Stuff.lnk
[2011/08/23 13:52:37 | 000,002,288 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 2 Kitchen & Bath Interior Design Stuff.lnk
[2011/08/23 13:48:30 | 000,002,036 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 2 FreeTime.lnk
[2011/08/23 13:42:20 | 000,002,108 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 2 Teen Style Stuff.lnk
[2011/08/23 13:33:26 | 000,002,054 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 2 Bon Voyage.lnk
[2011/08/23 00:54:31 | 000,002,101 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 2 H&M® Fashion Stuff.lnk
[2011/08/23 00:48:39 | 000,002,101 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 2 Celebration! Stuff.lnk
[2011/08/23 00:06:35 | 000,002,002 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 2 Seasons.lnk
[2011/08/22 23:49:54 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 2 Pets.lnk
[2011/08/22 23:05:42 | 000,002,101 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 2 Glamour Life Stuff.lnk
[2011/08/22 22:58:56 | 000,002,083 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 2 Family Fun Stuff.lnk
[2011/08/22 22:48:08 | 000,002,092 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 2 Open For Business.lnk
[2011/08/22 20:59:08 | 000,002,020 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 2 Nightlife.lnk
[2011/08/22 20:40:57 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/22 20:40:56 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/08/22 20:24:44 | 000,001,724 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Pro.lnk
[2011/08/22 18:26:15 | 000,002,029 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 2 University.lnk
[2011/08/22 18:01:32 | 000,001,905 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 2.lnk
[2011/08/18 21:01:12 | 003,730,792 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/08/17 02:44:16 | 000,000,919 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk
[2011/08/13 21:07:36 | 000,091,002 | ---- | M] () -- C:\ProgramData\1313283654.bdinstall.bin
[2011/08/13 20:46:40 | 000,077,118 | ---- | M] () -- C:\ProgramData\1313282766.bdinstall.bin
[2011/08/13 19:56:45 | 000,000,000 | ---- | M] () -- C:\Users\Devonasa\AppData\Local\{09D65B15-4284-4663-AB55-38DC4CF5780E}
[2011/08/13 01:14:57 | 000,001,356 | ---- | M] () -- C:\Users\Devonasa\AppData\Local\d3d9caps.dat
[2011/08/10 18:20:34 | 000,000,274 | ---- | M] () -- C:\Windows\ulead32.ini
[2011/08/10 18:20:31 | 000,000,560 | ---- | M] () -- C:\Users\Public\Documents\Global.sw
[2011/08/10 18:10:18 | 000,001,777 | ---- | M] () -- C:\Users\Public\Desktop\Ulead GIF Animator 5.lnk
[2011/08/09 20:50:43 | 000,000,303 | ---- | M] () -- C:\Windows\System32\checkdnsid.xml
[2011/08/09 03:27:45 | 000,000,385 | ---- | M] () -- C:\Windows\System32\user_gensett.xml
[2011/08/09 02:06:51 | 000,191,404 | ---- | M] () -- C:\ProgramData\1312867290.bdinstall.bin
[2011/08/09 01:49:53 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_avchv_01009.Wdf
[2011/08/09 01:49:51 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011/08/09 00:22:56 | 000,000,000 | ---- | M] () -- C:\t1dg.3
[28 C:\Users\Devonasa\Documents\*.tmp files -> C:\Users\Devonasa\Documents\*.tmp -> ]
[1 C:\Users\Devonasa\AppData\Local\*.tmp files -> C:\Users\Devonasa\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/02 16:40:43 | 295,643,581 | ---- | C] () -- C:\Users\Devonasa\Desktop\RB-DerekCayden.wmv
[2011/09/01 23:31:38 | 000,000,000 | ---- | C] () -- C:\Windows\System32\0.949766072073641.exe
[2011/08/30 15:37:01 | 000,000,000 | ---- | C] () -- C:\t1e0.4
[2011/08/25 01:05:39 | 008,191,066 | ---- | C] () -- C:\Users\Devonasa\Documents\Up N Down demo.mp3
[2011/08/23 17:37:57 | 000,001,015 | ---- | C] () -- C:\Users\Devonasa\Desktop\Sims2Pack Clean Installer.lnk
[2011/08/23 14:37:04 | 000,001,235 | ---- | C] () -- C:\Users\Devonasa\Desktop\Sims2EP9.exe - Shortcut.lnk
[2011/08/23 14:15:30 | 000,002,186 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 2 Mansion and Garden Stuff.lnk
[2011/08/23 14:06:44 | 000,002,090 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 2 Apartment Life.lnk
[2011/08/23 14:06:44 | 000,001,354 | ---- | C] () -- C:\Users\Public\Desktop\www.thesims3.com.lnk
[2011/08/23 13:55:24 | 000,002,108 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 2 IKEA® Home Stuff.lnk
[2011/08/23 13:52:37 | 000,002,288 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 2 Kitchen & Bath Interior Design Stuff.lnk
[2011/08/23 13:48:30 | 000,002,036 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 2 FreeTime.lnk
[2011/08/23 13:42:20 | 000,002,108 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 2 Teen Style Stuff.lnk
[2011/08/23 13:33:26 | 000,002,054 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 2 Bon Voyage.lnk
[2011/08/23 00:54:31 | 000,002,101 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 2 H&M® Fashion Stuff.lnk
[2011/08/23 00:48:39 | 000,002,101 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 2 Celebration! Stuff.lnk
[2011/08/23 00:06:35 | 000,002,002 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 2 Seasons.lnk
[2011/08/22 23:49:53 | 000,001,975 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 2 Pets.lnk
[2011/08/22 23:05:42 | 000,002,101 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 2 Glamour Life Stuff.lnk
[2011/08/22 22:58:56 | 000,002,083 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 2 Family Fun Stuff.lnk
[2011/08/22 22:48:08 | 000,002,092 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 2 Open For Business.lnk
[2011/08/22 20:59:08 | 000,002,020 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 2 Nightlife.lnk
[2011/08/22 20:24:44 | 000,001,724 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Pro.lnk
[2011/08/22 18:26:15 | 000,002,029 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 2 University.lnk
[2011/08/22 18:01:32 | 000,001,905 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 2.lnk
[2011/08/17 12:53:01 | 000,001,023 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.1.lnk
[2011/08/17 12:46:08 | 000,000,985 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.1.lnk
[2011/08/17 12:42:48 | 000,001,078 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.5.lnk
[2011/08/17 12:32:16 | 000,001,179 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.5.lnk
[2011/08/17 12:30:31 | 000,001,347 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.5.lnk
[2011/08/17 12:25:28 | 000,000,881 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2011/08/17 02:44:16 | 000,000,931 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
[2011/08/17 02:44:15 | 000,000,919 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk
[2011/08/13 21:07:35 | 000,091,002 | ---- | C] () -- C:\ProgramData\1313283654.bdinstall.bin
[2011/08/13 20:53:01 | 1061,273,600 | -HS- | C] () -- C:\hiberfil.sys
[2011/08/13 20:46:40 | 000,077,118 | ---- | C] () -- C:\ProgramData\1313282766.bdinstall.bin
[2011/08/13 19:51:08 | 000,000,000 | ---- | C] () -- C:\Users\Devonasa\AppData\Local\{09D65B15-4284-4663-AB55-38DC4CF5780E}
[2011/08/10 18:10:53 | 000,000,560 | ---- | C] () -- C:\Users\Public\Documents\Global.sw
[2011/08/10 18:10:51 | 000,000,274 | ---- | C] () -- C:\Windows\ulead32.ini
[2011/08/10 18:10:18 | 000,001,777 | ---- | C] () -- C:\Users\Public\Desktop\Ulead GIF Animator 5.lnk
[2011/08/09 03:27:45 | 000,000,385 | ---- | C] () -- C:\Windows\System32\user_gensett.xml
[2011/08/09 02:29:54 | 000,000,303 | ---- | C] () -- C:\Windows\System32\checkdnsid.xml
[2011/08/09 02:06:49 | 000,191,404 | ---- | C] () -- C:\ProgramData\1312867290.bdinstall.bin
[2011/08/09 01:49:53 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_avchv_01009.Wdf
[2011/08/09 01:49:51 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011/08/09 01:48:17 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
[2011/08/09 00:22:56 | 000,000,000 | ---- | C] () -- C:\t1dg.3
[2011/08/08 01:31:40 | 000,000,000 | ---- | C] () -- C:\Users\Devonasa\AppData\Local\Dzozozofuqoqi.bin
[2011/08/08 01:31:38 | 000,000,120 | ---- | C] () -- C:\Users\Devonasa\AppData\Local\Nwigagu.dat
[2011/08/03 19:53:38 | 000,000,000 | ---- | C] () -- C:\Users\Devonasa\AppData\Local\{1CF3071A-A136-4BBC-A174-D3B2CFC1128A}
[2011/05/11 18:58:58 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2010/09/05 17:41:21 | 000,001,356 | ---- | C] () -- C:\Users\Devonasa\AppData\Local\d3d9caps.dat
[2010/09/05 17:36:58 | 000,042,594 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010/02/06 07:04:48 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/02/06 07:04:48 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/02/05 00:05:44 | 000,359,424 | ---- | C] () -- C:\Users\Devonasa\AppData\Local\exuqovuzitohapu.dll
[2010/01/30 21:01:11 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/01/30 17:56:39 | 000,136,704 | ---- | C] () -- C:\Users\Devonasa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/15 22:03:12 | 000,024,736 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2006/11/15 22:00:56 | 001,678,368 | ---- | C] () -- C:\Windows\System32\drivers\Lvckap.sys
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 003,730,792 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/03/30 23:45:19 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Audacity
[2011/08/17 13:44:30 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/08/17 02:45:18 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2010/02/05 07:01:23 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\DAEMON Tools Pro
[2010/02/26 20:24:52 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Elluminate
[2010/01/30 18:28:23 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\GetRightToGo
[2011/08/09 01:23:38 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\QuickScan
[2010/12/01 22:49:18 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Research In Motion
[2011/08/18 17:45:35 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Spotify
[2010/01/30 19:34:45 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Thinstall
[2010/03/29 21:16:44 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Tific
[2010/05/24 17:42:41 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Yandex
[2011/09/03 13:48:41 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/09/03 16:12:36 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{8ED58AD3-8ABB-401C-95E3-4D53772E5585}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\BACKUP\10-01-29 0251PM\Windows\explorer.exe
[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\BACKUP\10-01-29 0251PM\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2010/02/01 07:13:19 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\BACKUP\10-01-29 0251PM\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2010/02/01 07:13:18 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2010/02/01 07:13:18 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 23:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\BACKUP\10-01-29 0251PM\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2010/02/01 07:13:18 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008/11/25 02:30:49 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\BACKUP\10-01-29 0251PM\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2010/02/01 07:34:11 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008/11/25 02:30:48 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\BACKUP\10-01-29 0251PM\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2010/02/01 07:34:11 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 22:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\BACKUP\10-01-29 0251PM\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2010/02/01 07:13:19 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 05:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\BACKUP\10-01-29 0251PM\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2006/11/02 05:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows.old\Windows\explorer.exe
[2006/11/02 05:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2006/11/02 05:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 03:33:12 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2006/11/02 05:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\BACKUP\10-01-29 0251PM\Windows\System32\svchost.exe
[2006/11/02 05:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\BACKUP\10-01-29 0251PM\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2006/11/02 05:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows.old\Windows\System32\svchost.exe
[2006/11/02 05:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2006/11/02 05:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 03:33:34 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/19 03:33:34 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/19 03:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/19 03:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 05:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\BACKUP\10-01-29 0251PM\Windows\System32\userinit.exe
[2006/11/02 05:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\BACKUP\10-01-29 0251PM\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
[2006/11/02 05:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows.old\Windows\System32\userinit.exe
[2006/11/02 05:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
[2006/11/02 05:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 05:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\BACKUP\10-01-29 0251PM\Windows\System32\winlogon.exe
[2006/11/02 05:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\BACKUP\10-01-29 0251PM\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2006/11/02 05:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows.old\Windows\System32\winlogon.exe
[2006/11/02 05:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2006/11/02 05:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 03:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008/01/19 03:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< End of report >

Extras.txt

OTL Extras logfile created on: 9/3/2011 5:07:37 PM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\Devonasa\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.38 Mb Total Physical Memory | 380.75 Mb Available Physical Memory | 37.57% Memory free
2.24 Gb Paging File | 1.12 Gb Available in Paging File | 50.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 101.64 Gb Total Space | 24.14 Gb Free Space | 23.75% Space Free | Partition Type: NTFS
Drive D: | 10.15 Gb Total Space | 0.09 Gb Free Space | 0.89% Space Free | Partition Type: NTFS

Computer Name: DEVONASA-PC | User Name: Devonasa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1663229470-2338449591-2720500769-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0085576B-D3EE-46B7-AA04-66A5125B7F35}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{611CCD2D-091D-4F49-977E-565352EBEFA6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FC0B411-9991-41E6-9BD4-53DA22E4FD7F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{1161531B-1A83-433D-A1BD-8020B7E2AC88}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{297323D9-E021-4481-ADAE-9FEF7D7DD925}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{2CF12751-81D9-4BD1-B498-355DA794BA9C}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{340414A8-802A-4E2F-A4FB-FC69B8CAB7DB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{3706B691-7C1B-4E8B-BF7E-DE4AEF1DD566}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{47B19CF9-AF40-4F31-B10B-D774F4057D25}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"{5081AF52-E57A-474A-BEAC-8E5BF60036E0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5E308BDC-5BAF-4A53-B8D3-92CA5D001FB0}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{698A6159-4D4C-4E8C-A195-380CA5D3BDC9}" = protocol=17 | dir=in | app=c:\windows\system32\hasplms.exe |
"{7C4BE71D-C474-43CB-AFA6-85A67C5D3DB2}" = protocol=6 | dir=in | app=c:\windows\system32\hasplms.exe |
"{82C9CC69-0661-432C-BF21-217861061B8B}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{84570C9E-57B3-4100-A2FD-77FBAA866A8E}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{88BD47C5-3B21-4788-A3A3-B2172AC05761}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{93BB38FA-2556-4C75-AAF6-0A4AE11BE436}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{98925A0F-C000-4DB4-9CCC-1574C672B586}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{C4645DD4-8198-4424-AF0C-D1F2C7CDEFA2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CF28F06E-5DDD-46FD-94AC-13C57A5B8E9A}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{D820A76E-3191-469C-A800-8C28C8DFEC3D}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{DBE61390-BC9E-4051-B308-D329366D2D2C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F88D0857-9510-450B-B451-C92A4D7BC5AE}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"TCP Query User{569637BC-C95E-4500-956A-73A76B7CEF65}C:\program files\java\jre1.5.0_02\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.5.0_02\bin\javaw.exe |
"TCP Query User{ACAD2765-4639-4C1A-9F7B-AD7A4329B1B7}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"UDP Query User{1D8EE7F6-B413-4BCB-9983-443CAA86F9A7}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
"UDP Query User{995EE229-A66C-42D3-94BA-1B39F7BF550A}C:\program files\java\jre1.5.0_02\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.5.0_02\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Edited by Devonasa, 04 September 2011 - 02:46 PM.

  • 0

#4
Devonasa

Devonasa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-09-03 17:42:47
-----------------------------
17:42:47.213 OS Version: Windows 6.0.6001 Service Pack 1
17:42:47.213 Number of processors: 2 586 0xE0C
17:42:47.213 ComputerName: DEVONASA-PC UserName: Devonasa
17:43:30.316 Initialize success
17:43:43.857 AVAST engine defs: 11090201
17:43:49.567 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
17:43:49.567 Disk 0 Vendor: WDC_WD1200BEVS-00UST0 01.01A01 Size: 114473MB BusType: 3
17:43:51.595 Disk 0 MBR read successfully
17:43:51.595 Disk 0 MBR scan
17:43:51.657 Disk 0 MBR:Alureon-G [Rtk]
17:43:51.657 Disk 0 TDL4@MBR code has been found
17:43:51.673 Disk 0 Windows VISTA default MBR code found via API
17:43:51.673 Disk 0 MBR hidden
17:43:51.673 Disk 0 MBR [TDL4] **ROOTKIT**
17:43:51.688 Disk 0 trace - called modules:
17:43:51.704 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x84c8d4d0]<<
17:43:51.704 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84c3d030]
17:43:51.719 3 CLASSPNP.SYS[869a5745] -> nt!IofCallDriver -> [0x84cefde8]
17:43:51.735 \Driver\atapi[0x84c43ba0] -> IRP_MJ_CREATE -> 0x84c8d4d0
17:43:52.531 AVAST engine scan C:\Windows
17:43:55.261 AVAST engine scan C:\Windows\system32
17:46:13.726 AVAST engine scan C:\Windows\system32\drivers
17:46:26.924 AVAST engine scan C:\Users\Devonasa
17:49:50.722 File: C:\Users\Devonasa\AppData\Local\Temp\F305.tmp **INFECTED** Win32:Malware-gen
17:49:50.785 File: C:\Users\Devonasa\AppData\Local\Temp\F306.tmp **INFECTED** Win32:Malware-gen
17:50:49.862 File: C:\Users\Devonasa\AppData\Local\Temp\thpm7220949480405622405.tmp **INFECTED** Win32:Rorpian-F [Trj]
17:50:51.781 File: C:\Users\Devonasa\AppData\Local\Temp\win152760568.cab **INFECTED** Win32:Rorpian-F [Trj]
17:50:51.874 File: C:\Users\Devonasa\AppData\Local\Temp\win4036e0.dat **INFECTED** Win32:Rorpian-F [Trj]
18:02:14.491 Disk 0 MBR has been saved successfully to "C:\Users\Devonasa\Desktop\MBR.dat"
18:02:14.742 The log file has been saved successfully to "C:\Users\Devonasa\Desktop\aswMBR.txt"


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-09-03 18:41:51
-----------------------------
18:41:51.608 OS Version: Windows 6.0.6001 Service Pack 1
18:41:51.608 Number of processors: 2 586 0xE0C
18:41:51.623 ComputerName: DEVONASA-PC UserName: Devonasa
18:41:54.229 Initialize success
18:42:05.133 AVAST engine defs: 11090201
18:42:07.894 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
18:42:07.894 Disk 0 Vendor: WDC_WD1200BEVS-00UST0 01.01A01 Size: 114473MB BusType: 3
18:42:09.907 Disk 0 MBR read successfully
18:42:09.907 Disk 0 MBR scan
18:42:09.907 Disk 0 MBR:Alureon-G [Rtk]
18:42:09.907 Disk 0 TDL4@MBR code has been found
18:42:09.922 Disk 0 Windows VISTA default MBR code found via API
18:42:09.938 Disk 0 MBR hidden
18:42:09.938 Disk 0 MBR [TDL4] **ROOTKIT**
18:42:09.938 Disk 0 trace - called modules:
18:42:09.953 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x84c8d4d0]<<
18:42:09.953 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84c39030]
18:42:09.969 3 CLASSPNP.SYS[869a3745] -> nt!IofCallDriver -> [0x84cf01c0]
18:42:09.969 \Driver\atapi[0x84c3d238] -> IRP_MJ_CREATE -> 0x84c8d4d0
18:42:10.811 AVAST engine scan C:\Windows
18:42:13.666 AVAST engine scan C:\Windows\system32
18:44:35.470 AVAST engine scan C:\Windows\system32\drivers
18:44:51.101 AVAST engine scan C:\Users\Devonasa
18:48:02.529 File: C:\Users\Devonasa\AppData\Local\Temp\F305.tmp **INFECTED** Win32:Malware-gen
18:48:02.607 File: C:\Users\Devonasa\AppData\Local\Temp\F306.tmp **INFECTED** Win32:Malware-gen
18:49:00.124 File: C:\Users\Devonasa\AppData\Local\Temp\thpm7220949480405622405.tmp **INFECTED** Win32:Rorpian-F [Trj]
18:49:01.918 File: C:\Users\Devonasa\AppData\Local\Temp\win152760568.cab **INFECTED** Win32:Rorpian-F [Trj]
18:49:01.996 File: C:\Users\Devonasa\AppData\Local\Temp\win4036e0.dat **INFECTED** Win32:Rorpian-F [Trj]
19:00:30.065 AVAST engine scan C:\ProgramData
18:02:14.491 Disk 0 MBR has been saved successfully to "C:\Users\Devonasa\Desktop\MBR.dat"
18:02:14.742 The log file has been saved successfully to "C:\Users\Devonasa\Desktop\aswMBR.txt"


There were some other "items" that it said were infected, but they were all items that had been quarantined by Symantec over various scans throughout my use of it, so I didn't include them... because the site said my post was too big, so if you don't mind I added it as an attachment.

Attached Files


  • 0

#5
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No, that's good: it has shown a TDL4 infection plus some malware still in your temp files, which we will now kill :)

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.

    Posted Image
  • If an infected file is detected, the default action will be Cure, click on Continue.

    Posted Image

  • If a suspicious file is detected, the default action will be Skip, click on Continue.

    Posted Image

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.

    Posted Image

  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

THEN

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKU\S-1-5-21-1663229470-2338449591-2720500769-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:18810
    FF - prefs.js..browser.search.defaultenginename: "Яндекс"
    [2011/08/28 01:53:54 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\DEVONASA\APPDATA\LOCAL\{6B05BDE5-EBAC-4D82-ABE7-1A6F070E09C0}
    O4 - HKU\S-1-5-21-1663229470-2338449591-2720500769-1000..\Run: [Qdupadava] File not found
    O4 - HKU\S-1-5-21-1663229470-2338449591-2720500769-1000..\Run: [Xxajamu] C:\Users\Devonasa\AppData\Local\exuqovuzitohapu.dll ()
    [2011/09/03 13:59:14 | 000,000,000 | ---- | M] () -- C:\Users\Devonasa\AppData\Local\Dzozozofuqoqi.bin
    [2011/09/03 13:59:11 | 000,000,120 | ---- | M] () -- C:\Users\Devonasa\AppData\Local\Nwigagu.dat
    [2011/09/01 23:31:38 | 000,000,000 | ---- | M] () -- C:\Windows\System32\0.949766072073641.exe
    [2011/08/30 15:37:01 | 000,000,000 | ---- | M] () -- C:\t1e0.4

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0
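As an added example that is not part of the thread and not OTL's own code, here is a small Python triage helper that reads the kind of lines in the :OTL fix above and names the indicator behind each one (loopback proxy, changed search engine, autorun entries pointing at missing or profile-resident DLLs, GUID-named profile directories, zero-byte or dropped files). The regexes, category names and the known-engine set are this example's own assumptions about the line formats shown on the page; the sample lines are copied from the fix.

```python
"""Triage helper for OTL fix lines (added example; not OTL's code)."""
import re
from typing import List, Tuple

Finding = Tuple[str, str]  # (category, human-readable detail)

# Engines a stock Firefox profile could plausibly default to (assumption).
KNOWN_SEARCH_ENGINES = {"google", "bing", "yahoo"}

# Patterns are assumptions modelled on the OTL line formats in the post.
PROXY_RE = re.compile(r'"ProxyServer"\s*=\s*(?:\w+=)?([\w.\-]+):(\d+)')
FF_SEARCH_RE = re.compile(r'browser\.search\.defaultenginename:\s*"([^"]*)"')
RUN_KEY_RE = re.compile(r'^O4 - .*\\Run: \[([^\]]+)\]\s*(.*)$')
FILE_RE = re.compile(
    r'^\[[^|]*\|\s*([\d,]+)\s*\|\s*(\S+)\s*\|[^\]]*\]\s*\([^)]*\)\s*--\s*(.+)$'
)
GUID_DIR_RE = re.compile(r'\\\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}$', re.I)

# Constructed sample: the lines from the :OTL fix in the post above.
SAMPLE_FIX_LINES = [
    r'IE - HKU\S-1-5-21-1663229470-2338449591-2720500769-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:18810',
    r'FF - prefs.js..browser.search.defaultenginename: "Яндекс"',
    r'[2011/08/28 01:53:54 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\DEVONASA\APPDATA\LOCAL\{6B05BDE5-EBAC-4D82-ABE7-1A6F070E09C0}',
    r'O4 - HKU\S-1-5-21-1663229470-2338449591-2720500769-1000..\Run: [Qdupadava] File not found',
    r'O4 - HKU\S-1-5-21-1663229470-2338449591-2720500769-1000..\Run: [Xxajamu] C:\Users\Devonasa\AppData\Local\exuqovuzitohapu.dll ()',
    r'[2011/09/03 13:59:14 | 000,000,000 | ---- | M] () -- C:\Users\Devonasa\AppData\Local\Dzozozofuqoqi.bin',
    r'[2011/09/03 13:59:11 | 000,000,120 | ---- | M] () -- C:\Users\Devonasa\AppData\Local\Nwigagu.dat',
    r'[2011/09/01 23:31:38 | 000,000,000 | ---- | M] () -- C:\Windows\System32\0.949766072073641.exe',
    r'[2011/08/30 15:37:01 | 000,000,000 | ---- | M] () -- C:\t1e0.4',
]


def triage_fix_line(line: str) -> List[Finding]:
    """Return the suspicious indicators found in one OTL fix line."""
    findings: List[Finding] = []

    m = PROXY_RE.search(line)
    if m and m.group(1) in ("127.0.0.1", "localhost"):
        # A proxy on the loopback interface means something on this machine
        # sits between the browser and the network; the fix removes it.
        findings.append(("proxy-hijack",
                         f"browser proxy points at local listener {m.group(1)}:{m.group(2)}"))

    m = FF_SEARCH_RE.search(line)
    if m and m.group(1).lower() not in KNOWN_SEARCH_ENGINES:
        findings.append(("search-hijack",
                         f"Firefox default search engine changed to {m.group(1)!r}"))

    m = RUN_KEY_RE.match(line)
    if m:
        name, target = m.group(1), re.sub(r"\s*\(\)$", "", m.group(2).strip())
        if target.startswith("File not found"):
            findings.append(("orphan-autorun", f"Run value {name!r} points at a missing file"))
        elif "\\appdata\\local\\" in target.lower() and target.lower().endswith(".dll"):
            findings.append(("profile-autorun",
                             f"Run value {name!r} loads a DLL from the user profile"))

    m = FILE_RE.match(line)
    if m:
        size = int(m.group(1).replace(",", ""))
        flags, path = m.group(2), m.group(3).strip()
        low = path.lower()
        if "d" in flags.lower() and "\\appdata\\local\\" in low and GUID_DIR_RE.search(path):
            findings.append(("profile-guid-dir", f"GUID-named directory in user profile: {path}"))
        elif size == 0 and (low.startswith("c:\\windows\\system32\\") or low.count("\\") == 1):
            # Zero-byte files left in System32 or the drive root are stubs
            # OTL lists so they can be deleted with the rest of the fix.
            findings.append(("stub-file", f"zero-byte file in a system location: {path}"))
        elif "\\appdata\\local\\" in low and low.endswith((".bin", ".dat")):
            findings.append(("dropped-data", f"data file dropped in user profile: {path}"))

    return findings


def triage_fix(lines: List[str]) -> List[Tuple[str, List[Finding]]]:
    """Triage every line; lines with no finding are kept with an empty list."""
    return [(line, triage_fix_line(line)) for line in lines]


if __name__ == "__main__":
    for line, findings in triage_fix(SAMPLE_FIX_LINES):
        print(line[:70])
        for category, detail in findings:
            print(f"    [{category}] {detail}")
```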

#6
Devonasa

Devonasa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Is it fine to do this all in safe mode? Will it still scan everything properly, or should I do it in normal mode?
  • 0

#7
Devonasa

Devonasa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
TDSS Killer Log:

2011/09/04 17:13:08.0149 12856 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/09/04 17:13:08.0632 12856 ================================================================================
2011/09/04 17:13:08.0632 12856 SystemInfo:
2011/09/04 17:13:08.0632 12856
2011/09/04 17:13:08.0632 12856 OS Version: 6.0.6001 ServicePack: 1.0
2011/09/04 17:13:08.0632 12856 Product type: Workstation
2011/09/04 17:13:08.0632 12856 ComputerName: DEVONASA-PC
2011/09/04 17:13:08.0632 12856 UserName: Devonasa
2011/09/04 17:13:08.0632 12856 Windows directory: C:\Windows
2011/09/04 17:13:08.0632 12856 System windows directory: C:\Windows
2011/09/04 17:13:08.0632 12856 Processor architecture: Intel x86
2011/09/04 17:13:08.0632 12856 Number of processors: 2
2011/09/04 17:13:08.0632 12856 Page size: 0x1000
2011/09/04 17:13:08.0632 12856 Boot type: Safe boot with network
2011/09/04 17:13:08.0632 12856 ================================================================================
2011/09/04 17:13:10.0629 12856 Initialize success
2011/09/04 17:13:59.0083 9004 ================================================================================
2011/09/04 17:13:59.0083 9004 Scan started
2011/09/04 17:13:59.0083 9004 Mode: Manual;
2011/09/04 17:13:59.0083 9004 ================================================================================
2011/09/04 17:14:13.0263 9004 pcmcia (b7c5a8769541900f6dfa6fe0c5e4d513) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/09/04 17:14:13.0388 9004 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/09/04 17:14:13.0559 9004 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/09/04 17:14:13.0606 9004 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/09/04 17:14:13.0700 9004 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
2011/09/04 17:14:13.0793 9004 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
2011/09/04 17:14:13.0871 9004 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/09/04 17:14:13.0949 9004 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/09/04 17:14:14.0027 9004 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/09/04 17:14:14.0074 9004 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/09/04 17:14:14.0121 9004 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/09/04 17:14:14.0168 9004 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/09/04 17:14:14.0215 9004 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
2011/09/04 17:14:14.0293 9004 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
2011/09/04 17:14:14.0386 9004 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/09/04 17:14:14.0480 9004 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/09/04 17:14:14.0558 9004 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/09/04 17:14:14.0620 9004 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
2011/09/04 17:14:14.0761 9004 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\Windows\system32\DRIVERS\RimSerial.sys
2011/09/04 17:14:14.0807 9004 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
2011/09/04 17:14:14.0870 9004 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/09/04 17:14:14.0932 9004 RTL8187B (7fe5089eb5f624899de08c30db4377fc) C:\Windows\system32\DRIVERS\RTL8187B.sys
2011/09/04 17:14:14.0995 9004 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/09/04 17:14:15.0088 9004 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/09/04 17:14:15.0151 9004 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/09/04 17:14:15.0197 9004 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/09/04 17:14:15.0229 9004 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/09/04 17:14:15.0353 9004 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2011/09/04 17:14:15.0400 9004 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/09/04 17:14:15.0447 9004 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2011/09/04 17:14:15.0494 9004 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/09/04 17:14:15.0572 9004 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/09/04 17:14:15.0665 9004 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/09/04 17:14:15.0712 9004 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/09/04 17:14:15.0821 9004 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
2011/09/04 17:14:15.0946 9004 smserial (c8a58fc905c9184fa70e37f71060c64d) C:\Windows\system32\DRIVERS\smserial.sys
2011/09/04 17:14:16.0211 9004 SPBBCDrv (e621bb5839cf45fa477f48092edd2b40) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
2011/09/04 17:14:16.0274 9004 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/09/04 17:14:16.0367 9004 sptd (8ea0fd60a5b047e0c734d51aace531c9) C:\Windows\System32\Drivers\sptd.sys
2011/09/04 17:14:16.0477 9004 SRTSP (2abf82c8452ab0b9ffc74a2d5da91989) C:\Windows\system32\Drivers\SRTSP.SYS
2011/09/04 17:14:16.0570 9004 SRTSPL (e2f9e5887bea5bd8784d337e06eda31b) C:\Windows\system32\Drivers\SRTSPL.SYS
2011/09/04 17:14:16.0617 9004 SRTSPX (3b974c158fabd910186f98df8d3e23f3) C:\Windows\system32\Drivers\SRTSPX.SYS
2011/09/04 17:14:16.0679 9004 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
2011/09/04 17:14:16.0773 9004 srv2 (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys
2011/09/04 17:14:16.0867 9004 srvnet (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys
2011/09/04 17:14:16.0976 9004 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/09/04 17:14:17.0038 9004 SymAFR (630d38afcefe1abc423d41171f300bd5) C:\Windows\system32\DRIVERS\SymAFR.sys
2011/09/04 17:14:17.0116 9004 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/09/04 17:14:17.0225 9004 SymEvent (a54ff04bd6e75dc4d8cb6f3e352635e0) C:\Windows\system32\Drivers\SYMEVENT.SYS
2011/09/04 17:14:17.0288 9004 SYMREDRV (394b2368212114d538316812af60fddd) C:\Windows\System32\Drivers\SYMREDRV.SYS
2011/09/04 17:14:17.0335 9004 SYMTDI (d46676bb414c7531bdffe637a33f5033) C:\Windows\System32\Drivers\SYMTDI.SYS
2011/09/04 17:14:17.0381 9004 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/09/04 17:14:17.0413 9004 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/09/04 17:14:17.0475 9004 SysPlant (1295b1da3e2a2c24c7d176f6e97afbd1) C:\Windows\SYSTEM32\Drivers\SysPlant.sys
2011/09/04 17:14:17.0584 9004 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
2011/09/04 17:14:17.0678 9004 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
2011/09/04 17:14:17.0725 9004 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
2011/09/04 17:14:17.0787 9004 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/09/04 17:14:17.0818 9004 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/09/04 17:14:17.0865 9004 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
2011/09/04 17:14:17.0927 9004 Teefer2 (1de2e1357552a79f39bff003a11c533e) C:\Windows\system32\DRIVERS\teefer2.sys
2011/09/04 17:14:17.0959 9004 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
2011/09/04 17:14:18.0115 9004 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/09/04 17:14:18.0161 9004 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/09/04 17:14:18.0271 9004 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
2011/09/04 17:14:18.0317 9004 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/09/04 17:14:18.0364 9004 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
2011/09/04 17:14:18.0427 9004 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/09/04 17:14:18.0473 9004 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/09/04 17:14:18.0536 9004 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/09/04 17:14:18.0614 9004 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/09/04 17:14:18.0676 9004 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/09/04 17:14:18.0770 9004 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
2011/09/04 17:14:18.0863 9004 usbaudio (292a25bb75a568ae2c67169ba2c6365a) C:\Windows\system32\drivers\usbaudio.sys
2011/09/04 17:14:18.0926 9004 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/09/04 17:14:18.0973 9004 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/09/04 17:14:19.0019 9004 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
2011/09/04 17:14:19.0082 9004 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
2011/09/04 17:14:19.0129 9004 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/09/04 17:14:19.0175 9004 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/09/04 17:14:19.0222 9004 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/09/04 17:14:19.0285 9004 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/09/04 17:14:19.0331 9004 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/09/04 17:14:19.0409 9004 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/09/04 17:14:19.0472 9004 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/09/04 17:14:19.0565 9004 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/09/04 17:14:19.0643 9004 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/09/04 17:14:19.0690 9004 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2011/09/04 17:14:19.0784 9004 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/09/04 17:14:19.0831 9004 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
2011/09/04 17:14:19.0893 9004 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
2011/09/04 17:14:19.0940 9004 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/09/04 17:14:20.0002 9004 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/09/04 17:14:20.0049 9004 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/09/04 17:14:20.0096 9004 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/09/04 17:14:20.0143 9004 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/09/04 17:14:20.0236 9004 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/09/04 17:14:20.0455 9004 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2011/09/04 17:14:20.0548 9004 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/09/04 17:14:20.0611 9004 WPS (c1620ebb375d3b02e31fd311c44fedeb) C:\Windows\system32\drivers\wpsdrvnt.sys
2011/09/04 17:14:20.0673 9004 WpsHelper (ff983a25ae6f7d3f87f26bf51f02a201) C:\Windows\system32\drivers\WpsHelper.sys
2011/09/04 17:14:20.0720 9004 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/09/04 17:14:20.0813 9004 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/09/04 17:14:20.0891 9004 MBR (0x1B8) (04d4350ae5fb6fc2ad3e7c26b1323c68) \Device\Harddisk0\DR0
2011/09/04 17:14:20.0907 9004 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/09/04 17:14:20.0923 9004 Boot (0x1200) (1e8c16f13b236a5a74f155e9efef0c3b) \Device\Harddisk0\DR0\Partition0
2011/09/04 17:14:20.0969 9004 Boot (0x1200) (5cff3a65599eda0e01cae7a2764a97ab) \Device\Harddisk0\DR0\Partition1
2011/09/04 17:14:20.0969 9004 ================================================================================
2011/09/04 17:14:20.0969 9004 Scan finished
2011/09/04 17:14:20.0969 9004 ================================================================================
2011/09/04 17:14:21.0001 13872 Detected object count: 1
2011/09/04 17:14:21.0001 13872 Actual detected object count: 1
2011/09/04 17:14:39.0019 13872 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/09/04 17:14:39.0019 13872 \Device\Harddisk0\DR0 - ok
2011/09/04 17:14:39.0065 13872 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/09/04 17:15:07.0457 12808 Deinitialize success

OTL Quick Scan Log:

OTL logfile created on: 9/4/2011 6:07:44 PM - Run 2
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\Devonasa\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.38 Mb Total Physical Memory | 610.18 Mb Available Physical Memory | 60.21% Memory free
2.23 Gb Paging File | 1.97 Gb Available in Paging File | 88.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 101.64 Gb Total Space | 27.28 Gb Free Space | 26.84% Space Free | Partition Type: NTFS
Drive D: | 10.15 Gb Total Space | 0.09 Gb Free Space | 0.89% Space Free | Partition Type: NTFS

Computer Name: DEVONASA-PC | User Name: Devonasa | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/03 16:52:30 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Devonasa\Desktop\OTL.exe
PRC - [2010/02/01 07:13:18 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/09/17 18:56:58 | 002,477,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2009/07/08 20:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - [2011/09/04 01:18:41 | 000,218,624 | ---- | M] (Intel Corporation ) [Auto | Stopped] -- C:\Windows\System32\itnetw32.dll -- (itlperf)
SRV - [2010/07/27 10:31:51 | 000,174,432 | ---- | M] (Impulse Point, LLC) [Auto | Stopped] -- C:\Program Files\SafeConnect\scManager.sys -- (SCManager)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/02/05 01:31:56 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/12/16 16:44:36 | 003,750,400 | ---- | M] (SafeNet Inc.) [Auto | Stopped] -- C:\Windows\System32\hasplms.exe -- (hasplms)
SRV - [2009/09/17 18:56:58 | 002,477,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/09/17 18:38:02 | 001,864,888 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/09/17 17:21:10 | 000,341,320 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2009/07/13 12:06:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/07/08 20:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/07/08 20:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2006/11/15 22:05:40 | 000,101,152 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2006/11/15 22:03:36 | 000,109,344 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)


========== Driver Services (SafeList) ==========

DRV - [2011/08/22 20:23:04 | 000,443,448 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011/08/03 04:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110903.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/08/03 04:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110903.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/07/27 04:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/07/27 04:00:00 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/03/21 20:33:42 | 000,015,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\SymAFR.sys -- (SymAFR)
DRV - [2010/09/10 22:32:20 | 000,167,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wpshelper.sys -- (WpsHelper)
DRV - [2010/06/24 12:01:36 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/12/09 21:27:18 | 000,588,800 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\hardlock.sys -- (hardlock)
DRV - [2009/11/04 20:53:40 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/09/17 18:38:10 | 000,092,488 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
DRV - [2009/09/17 18:31:50 | 000,042,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2009/09/03 16:03:48 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/09/03 16:03:48 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/08/26 11:54:38 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009/08/25 20:05:44 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2009/08/25 20:05:42 | 000,320,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2009/08/25 20:05:42 | 000,281,648 | ---- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2009/08/20 07:01:50 | 000,356,864 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2009/07/14 12:51:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2009/06/10 09:52:58 | 000,347,648 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2009/05/27 14:31:18 | 000,050,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2006/11/15 22:03:12 | 000,024,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2006/11/15 22:02:50 | 001,962,912 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2006/11/15 22:00:56 | 001,678,368 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2006/11/10 23:48:11 | 001,083,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Ultra Vision(UVC)
DRV - [2006/11/10 23:48:00 | 000,040,352 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2006/11/10 23:46:29 | 001,512,224 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2006/11/02 03:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3D AD 68 0E 67 47 12 47 9E 0B CA 82 C4 53 F8 42 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..extensions.enabledItems: {99210d54-6321-41e8-bd1b-2b4c55874efb}:1.16
FF - prefs.js..extensions.enabledItems: {6B05BDE5-EBAC-4D82-ABE7-1A6F070E09C0}:1.9.1
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {1bc10fe5-8c5d-4ee2-af7a-bf9f1e7bf77f}:1.0
FF - prefs.js..keyword.URL: "http://yandex.ru/yan...ft=barff&text="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Devonasa\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Devonasa\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Devonasa\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Devonasa\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.21\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/01 01:25:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.21\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/01 01:25:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{6B05BDE5-EBAC-4D82-ABE7-1A6F070E09C0}: C:\Users\Devonasa\AppData\Local\{6B05BDE5-EBAC-4D82-ABE7-1A6F070E09C0}

[2010/03/24 11:50:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Devonasa\AppData\Roaming\Mozilla\Extensions
[2011/09/04 16:42:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Devonasa\AppData\Roaming\Mozilla\Firefox\Profiles\m0xqq5lg.default\extensions
[2011/08/17 01:23:36 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\Devonasa\AppData\Roaming\Mozilla\Firefox\Profiles\m0xqq5lg.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2011/09/04 01:25:10 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Devonasa\AppData\Roaming\Mozilla\Firefox\Profiles\m0xqq5lg.default\extensions\{1bc10fe5-8c5d-4ee2-af7a-bf9f1e7bf77f}
[2010/07/08 21:13:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Devonasa\AppData\Roaming\Mozilla\Firefox\Profiles\m0xqq5lg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/20 17:29:50 | 000,000,000 | ---D | M] ("Tumblr Post") -- C:\Users\Devonasa\AppData\Roaming\Mozilla\Firefox\Profiles\m0xqq5lg.default\extensions\{99210d54-6321-41e8-bd1b-2b4c55874efb}
[2011/08/31 15:26:26 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Devonasa\AppData\Roaming\Mozilla\Firefox\Profiles\m0xqq5lg.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/09/04 16:42:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/11/07 00:35:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\App\Photoshop\Plug-ins\Extensions
File not found (No name found) -- C:\USERS\DEVONASA\APPDATA\LOCAL\{6B05BDE5-EBAC-4D82-ABE7-1A6F070E09C0}

O1 HOSTS File: ([2011/09/04 17:33:02 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {0E68AD3D-4767-4712-9E0B-CA82C453F842} - C:\Windows\System32\wscui32.dll (Creative Technology Ltd)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (adfadcpdpr Object) - {EBD5F519-1E51-44C7-BBB9-354719A7751E} - C:\Windows\$XNTUninstall643$\wzrel.dll ()
O2 - BHO: (brumadcpdgrm Object) - {EF664F2B-438F-4107-B440-CCD774A286DE} - C:\Windows\$XNTUninstall643$\qpeji.dll ()
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] File not found
O4 - HKLM..\Run: [bipro] C:\Windows\$XNTUninstall643$\wzrel.dll ()
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()
O4 - HKLM..\Run: [LVCOMSX] C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe (Logitech Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKCU..\Run: [MicrosoftUpdate] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\MicrosoftUpdate\Microsoftupdt32.exe ()
O4 - HKCU..\Run: [Security Protection] C:\ProgramData\defender.exe (Лаборатория Касперского)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} https://webapps.unf....x64/webinst.cab (WebBasedClientInstall Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FB3AA8F6-0159-4F70-994A-780FCEE470F9}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper: C:\Users\Devonasa\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/04 17:32:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/04 17:12:50 | 001,406,768 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Devonasa\Desktop\TDSSKiller.exe
[2011/09/04 01:23:59 | 000,000,000 | ---D | C] -- C:\Windows\$XNTUninstall643$
[2011/09/03 18:25:10 | 000,894,976 | ---- | C] (Лаборатория Касперского) -- C:\ProgramData\defender.exe
[2011/09/03 17:55:54 | 000,068,608 | ---- | C] (Creative Technology Ltd) -- C:\ProgramData\JavaBackupVerifier.dll
[2011/09/03 16:52:50 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Devonasa\Desktop\aswMBR.exe
[2011/09/03 16:52:15 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\Devonasa\Desktop\OTL.exe
[2011/09/02 12:35:34 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Devonasa\Desktop\dds(2).scr
[2011/09/02 12:15:32 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Devonasa\Desktop\dds.scr
[2011/08/23 18:27:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CEP for The Sims 2
[2011/08/23 17:37:57 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sims2Pack Clean Installer
[2011/08/23 17:37:57 | 000,000,000 | ---D | C] -- C:\Program Files\Sims2Pack Clean Installer
[2011/08/22 20:55:43 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\EA Games
[2011/08/22 20:23:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Pro
[2011/08/22 20:21:25 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Pro
[2011/08/22 18:01:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
[2011/08/22 17:59:20 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\Documents\EA Games
[2011/08/17 13:44:30 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/08/17 12:53:55 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2011/08/17 02:48:46 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\Adobe Photoshop CS5.1
[2011/08/17 02:45:18 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/08/17 02:44:13 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Download Assistant
[2011/08/17 02:43:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/08/15 00:20:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/08/15 00:20:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/08/10 18:26:46 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/08/10 18:10:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Softwrap
[2011/08/10 18:10:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Fonts
[2011/08/10 18:10:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Config
[2011/08/10 18:10:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Ulead Systems
[2011/08/10 18:10:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ulead GIF Animator 5 TBYB
[2011/08/10 18:10:17 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2011/08/10 18:10:17 | 000,000,000 | ---D | C] -- C:\Program Files\Ulead Systems
[2011/08/10 18:10:07 | 000,000,000 | ---D | C] -- C:\Windows\Noslip
[2011/08/09 01:23:38 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\AppData\Roaming\QuickScan
[2011/08/09 01:21:56 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2011/08/09 01:20:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2011/08/08 01:30:51 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo Layers Runtime
[2011/08/08 01:30:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[28 C:\Users\Devonasa\Documents\*.tmp files -> C:\Users\Devonasa\Documents\*.tmp -> ]
[1 C:\Users\Devonasa\AppData\Local\*.tmp files -> C:\Users\Devonasa\AppData\Local\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/04 18:05:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/04 18:00:37 | 000,007,680 | ---- | M] () -- C:\Windows\System\svchost.exe
[2011/09/04 17:59:03 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8ED58AD3-8ABB-401C-95E3-4D53772E5585}.job
[2011/09/04 17:57:49 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/04 17:57:49 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/04 17:57:16 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/04 17:33:02 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/09/04 17:11:39 | 001,390,139 | ---- | M] () -- C:\Users\Devonasa\Desktop\tdsskiller.zip
[2011/09/04 16:39:57 | 177,015,933 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/09/04 01:49:05 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1663229470-2338449591-2720500769-1000UA.job
[2011/09/04 01:16:52 | 000,001,256 | -HS- | M] () -- C:\ProgramData\51s17136spnt70tl4a3rl47638l35xxm5rdthh8vkm26
[2011/09/04 01:16:45 | 000,000,000 | ---- | M] () -- C:\ProgramData\mhlc.exe
[2011/09/04 01:16:45 | 000,000,000 | ---- | M] () -- C:\ProgramData\gifi.exe
[2011/09/04 01:16:45 | 000,000,000 | ---- | M] () -- C:\ProgramData\cbxq.exe
[2011/09/04 01:16:45 | 000,000,000 | ---- | M] () -- C:\ProgramData\anla.exe
[2011/09/04 00:51:03 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/03 19:13:43 | 000,000,512 | ---- | M] () -- C:\Users\Devonasa\Desktop\MBR.dat
[2011/09/03 18:25:15 | 000,000,596 | ---- | M] () -- C:\Users\Public\Desktop\Security Protection.lnk
[2011/09/03 18:25:14 | 000,894,976 | ---- | M] (Лаборатория Касперского) -- C:\ProgramData\defender.exe
[2011/09/03 16:54:26 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Devonasa\Desktop\aswMBR.exe
[2011/09/03 16:52:30 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Devonasa\Desktop\OTL.exe
[2011/09/02 17:00:47 | 000,136,704 | ---- | M] () -- C:\Users\Devonasa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/02 17:00:38 | 295,643,581 | ---- | M] () -- C:\Users\Devonasa\Desktop\RB-DerekCayden.wmv
[2011/09/02 12:49:04 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1663229470-2338449591-2720500769-1000Core.job
[2011/09/02 12:35:39 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Devonasa\Desktop\dds(2).scr
[2011/09/02 12:17:19 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Devonasa\Desktop\dds.scr
[2011/08/25 12:45:12 | 000,001,235 | ---- | M] () -- C:\Users\Devonasa\Desktop\Sims2EP9.exe - Shortcut.lnk
[2011/08/25 01:05:49 | 008,191,066 | ---- | M] () -- C:\Users\Devonasa\Documents\Up N Down demo.mp3
[2011/08/23 17:37:57 | 000,001,015 | ---- | M] () -- C:\Users\Devonasa\Desktop\Sims2Pack Clean Installer.lnk
[2011/08/23 14:39:19 | 000,002,186 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 2 Mansion and Garden Stuff.lnk
[2011/08/23 14:15:31 | 000,001,354 | ---- | M] () -- C:\Users\Public\Desktop\www.thesims3.com.lnk
[2011/08/23 14:06:44 | 000,002,090 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 2 Apartment Life.lnk
[2011/08/23 13:55:24 | 000,002,108 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 2 IKEA Home Stuff.lnk
[2011/08/23 13:52:37 | 000,002,288 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 2 Kitchen & Bath Interior Design Stuff.lnk
[2011/08/23 13:48:30 | 000,002,036 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 2 FreeTime.lnk
[2011/08/23 13:42:20 | 000,002,108 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 2 Teen Style Stuff.lnk
[2011/08/23 13:33:26 | 000,002,054 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 2 Bon Voyage.lnk
[2011/08/23 00:54:31 | 000,002,101 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 2 H&M Fashion Stuff.lnk
[2011/08/23 00:48:39 | 000,002,101 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 2 Celebration! Stuff.lnk
[2011/08/23 00:06:35 | 000,002,002 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 2 Seasons.lnk
[2011/08/22 23:49:54 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 2 Pets.lnk
[2011/08/22 23:05:42 | 000,002,101 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 2 Glamour Life Stuff.lnk
[2011/08/22 22:58:56 | 000,002,083 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 2 Family Fun Stuff.lnk
[2011/08/22 22:48:08 | 000,002,092 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 2 Open For Business.lnk
[2011/08/22 20:59:08 | 000,002,020 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 2 Nightlife.lnk
[2011/08/22 20:40:57 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/22 20:40:56 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/08/22 20:24:44 | 000,001,724 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Pro.lnk
[2011/08/22 18:26:15 | 000,002,029 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 2 University.lnk
[2011/08/22 18:01:32 | 000,001,905 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 2.lnk
[2011/08/22 15:48:36 | 001,406,768 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Devonasa\Desktop\TDSSKiller.exe
[2011/08/18 21:01:12 | 003,730,792 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/08/17 02:44:16 | 000,000,919 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk
[2011/08/13 21:07:36 | 000,091,002 | ---- | M] () -- C:\ProgramData\1313283654.bdinstall.bin
[2011/08/13 20:46:40 | 000,077,118 | ---- | M] () -- C:\ProgramData\1313282766.bdinstall.bin
[2011/08/13 19:56:45 | 000,000,000 | ---- | M] () -- C:\Users\Devonasa\AppData\Local\{09D65B15-4284-4663-AB55-38DC4CF5780E}
[2011/08/13 01:14:57 | 000,001,356 | ---- | M] () -- C:\Users\Devonasa\AppData\Local\d3d9caps.dat
[2011/08/10 18:20:34 | 000,000,274 | ---- | M] () -- C:\Windows\ulead32.ini
[2011/08/10 18:20:31 | 000,000,560 | ---- | M] () -- C:\Users\Public\Documents\Global.sw
[2011/08/10 18:10:18 | 000,001,777 | ---- | M] () -- C:\Users\Public\Desktop\Ulead GIF Animator 5.lnk
[2011/08/09 20:50:43 | 000,000,303 | ---- | M] () -- C:\Windows\System32\checkdnsid.xml
[2011/08/09 03:27:45 | 000,000,385 | ---- | M] () -- C:\Windows\System32\user_gensett.xml
[2011/08/09 02:06:51 | 000,191,404 | ---- | M] () -- C:\ProgramData\1312867290.bdinstall.bin
[2011/08/09 01:49:53 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_avchv_01009.Wdf
[2011/08/09 01:49:51 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011/08/09 00:22:56 | 000,000,000 | ---- | M] () -- C:\t1dg.3
[28 C:\Users\Devonasa\Documents\*.tmp files -> C:\Users\Devonasa\Documents\*.tmp -> ]
[1 C:\Users\Devonasa\AppData\Local\*.tmp files -> C:\Users\Devonasa\AppData\Local\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/04 17:11:08 | 001,390,139 | ---- | C] () -- C:\Users\Devonasa\Desktop\tdsskiller.zip
[2011/09/04 01:22:36 | 000,007,680 | ---- | C] () -- C:\Windows\System\svchost.exe
[2011/09/04 01:16:51 | 000,001,256 | -HS- | C] () -- C:\ProgramData\51s17136spnt70tl4a3rl47638l35xxm5rdthh8vkm26
[2011/09/04 01:16:45 | 000,000,000 | ---- | C] () -- C:\ProgramData\mhlc.exe
[2011/09/04 01:16:45 | 000,000,000 | ---- | C] () -- C:\ProgramData\gifi.exe
[2011/09/04 01:16:45 | 000,000,000 | ---- | C] () -- C:\ProgramData\cbxq.exe
[2011/09/04 01:16:45 | 000,000,000 | ---- | C] () -- C:\ProgramData\anla.exe
[2011/09/03 18:25:14 | 000,000,596 | ---- | C] () -- C:\Users\Public\Desktop\Security Protection.lnk
[2011/09/03 18:02:14 | 000,000,512 | ---- | C] () -- C:\Users\Devonasa\Desktop\MBR.dat
[2011/09/02 16:40:43 | 295,643,581 | ---- | C] () -- C:\Users\Devonasa\Desktop\RB-DerekCayden.wmv
[2011/08/25 01:05:39 | 008,191,066 | ---- | C] () -- C:\Users\Devonasa\Documents\Up N Down demo.mp3
[2011/08/23 17:37:57 | 000,001,015 | ---- | C] () -- C:\Users\Devonasa\Desktop\Sims2Pack Clean Installer.lnk
[2011/08/23 14:37:04 | 000,001,235 | ---- | C] () -- C:\Users\Devonasa\Desktop\Sims2EP9.exe - Shortcut.lnk
[2011/08/23 14:15:30 | 000,002,186 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 2 Mansion and Garden Stuff.lnk
[2011/08/23 14:06:44 | 000,002,090 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 2 Apartment Life.lnk
[2011/08/23 14:06:44 | 000,001,354 | ---- | C] () -- C:\Users\Public\Desktop\www.thesims3.com.lnk
[2011/08/23 13:55:24 | 000,002,108 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 2 IKEA Home Stuff.lnk
[2011/08/23 13:52:37 | 000,002,288 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 2 Kitchen & Bath Interior Design Stuff.lnk
[2011/08/23 13:48:30 | 000,002,036 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 2 FreeTime.lnk
[2011/08/23 13:42:20 | 000,002,108 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 2 Teen Style Stuff.lnk
[2011/08/23 13:33:26 | 000,002,054 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 2 Bon Voyage.lnk
[2011/08/23 00:54:31 | 000,002,101 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 2 H&M Fashion Stuff.lnk
[2011/08/23 00:48:39 | 000,002,101 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 2 Celebration! Stuff.lnk
[2011/08/23 00:06:35 | 000,002,002 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 2 Seasons.lnk
[2011/08/22 23:49:53 | 000,001,975 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 2 Pets.lnk
[2011/08/22 23:05:42 | 000,002,101 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 2 Glamour Life Stuff.lnk
[2011/08/22 22:58:56 | 000,002,083 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 2 Family Fun Stuff.lnk
[2011/08/22 22:48:08 | 000,002,092 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 2 Open For Business.lnk
[2011/08/22 20:59:08 | 000,002,020 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 2 Nightlife.lnk
[2011/08/22 20:24:44 | 000,001,724 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Pro.lnk
[2011/08/22 18:26:15 | 000,002,029 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 2 University.lnk
[2011/08/22 18:01:32 | 000,001,905 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 2.lnk
[2011/08/17 12:53:01 | 000,001,023 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.1.lnk
[2011/08/17 12:46:08 | 000,000,985 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.1.lnk
[2011/08/17 12:42:48 | 000,001,078 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.5.lnk
[2011/08/17 12:32:16 | 000,001,179 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.5.lnk
[2011/08/17 12:30:31 | 000,001,347 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.5.lnk
[2011/08/17 12:25:28 | 000,000,881 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2011/08/17 02:44:16 | 000,000,931 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
[2011/08/17 02:44:15 | 000,000,919 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk
[2011/08/13 21:07:35 | 000,091,002 | ---- | C] () -- C:\ProgramData\1313283654.bdinstall.bin
[2011/08/13 20:46:40 | 000,077,118 | ---- | C] () -- C:\ProgramData\1313282766.bdinstall.bin
[2011/08/13 19:51:08 | 000,000,000 | ---- | C] () -- C:\Users\Devonasa\AppData\Local\{09D65B15-4284-4663-AB55-38DC4CF5780E}
[2011/08/10 18:10:53 | 000,000,560 | ---- | C] () -- C:\Users\Public\Documents\Global.sw
[2011/08/10 18:10:51 | 000,000,274 | ---- | C] () -- C:\Windows\ulead32.ini
[2011/08/10 18:10:18 | 000,001,777 | ---- | C] () -- C:\Users\Public\Desktop\Ulead GIF Animator 5.lnk
[2011/08/09 03:27:45 | 000,000,385 | ---- | C] () -- C:\Windows\System32\user_gensett.xml
[2011/08/09 02:29:54 | 000,000,303 | ---- | C] () -- C:\Windows\System32\checkdnsid.xml
[2011/08/09 02:06:49 | 000,191,404 | ---- | C] () -- C:\ProgramData\1312867290.bdinstall.bin
[2011/08/09 01:49:53 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_avchv_01009.Wdf
[2011/08/09 01:49:51 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011/08/09 01:48:17 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
[2011/08/09 00:22:56 | 000,000,000 | ---- | C] () -- C:\t1dg.3
[2011/08/03 19:53:38 | 000,000,000 | ---- | C] () -- C:\Users\Devonasa\AppData\Local\{1CF3071A-A136-4BBC-A174-D3B2CFC1128A}
[2011/05/11 18:58:58 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2010/09/05 17:41:21 | 000,001,356 | ---- | C] () -- C:\Users\Devonasa\AppData\Local\d3d9caps.dat
[2010/09/05 17:36:58 | 000,042,594 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010/02/06 07:04:48 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/02/06 07:04:48 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/01/30 21:01:11 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/01/30 17:56:39 | 000,136,704 | ---- | C] () -- C:\Users\Devonasa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/15 22:03:12 | 000,024,736 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2006/11/15 22:00:56 | 001,678,368 | ---- | C] () -- C:\Windows\System32\drivers\Lvckap.sys
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 003,730,792 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/03/30 23:45:19 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Audacity
[2011/08/17 13:44:30 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/08/17 02:45:18 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2010/02/05 07:01:23 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\DAEMON Tools Pro
[2010/02/26 20:24:52 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Elluminate
[2010/01/30 18:28:23 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\GetRightToGo
[2011/08/09 01:23:38 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\QuickScan
[2010/12/01 22:49:18 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Research In Motion
[2011/08/18 17:45:35 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Spotify
[2010/01/30 19:34:45 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Thinstall
[2010/03/29 21:16:44 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Tific
[2010/05/24 17:42:41 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Yandex
[2011/09/04 17:21:56 | 000,032,618 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/09/04 17:59:03 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{8ED58AD3-8ABB-401C-95E3-4D53772E5585}.job

========== Purity Check ==========



< End of report >

#8 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
That has now revealed the rest of the miscreants. On completion of this run, could you restart in normal mode and let me know what problems remain?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3D AD 68 0E 67 47 12 47 9E 0B CA 82 C4 53 F8 42 [binary data]
    FF - prefs.js..extensions.enabledItems: {6B05BDE5-EBAC-4D82-ABE7-1A6F070E09C0}:1.9.1
    FF - prefs.js..extensions.enabledItems: {1bc10fe5-8c5d-4ee2-af7a-bf9f1e7bf77f}:1.0
    FF - prefs.js..keyword.URL: "http://yandex.ru/yan...ft=barff&text="
    [2011/09/04 01:25:10 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Devonasa\AppData\Roaming\Mozilla\Firefox\Profiles\m0xqq5lg.default\extensions\{1bc10fe5-8c5d-4ee2-af7a-bf9f1e7bf77f}
    O2 - BHO: (adfadcpdpr Object) - {EBD5F519-1E51-44C7-BBB9-354719A7751E} - C:\Windows\$XNTUninstall643$\wzrel.dll ()
    O2 - BHO: (brumadcpdgrm Object) - {EF664F2B-438F-4107-B440-CCD774A286DE} - C:\Windows\$XNTUninstall643$\qpeji.dll ()
    O4 - HKLM..\Run: [bipro] C:\Windows\$XNTUninstall643$\wzrel.dll ()
    O4 - HKCU..\Run: [Security Protection] C:\ProgramData\defender.exe (Лаборатория Касперского)
    [2011/09/04 01:23:59 | 000,000,000 | ---D | C] -- C:\Windows\$XNTUninstall643$
    [2011/09/03 18:25:10 | 000,894,976 | ---- | C] (Лаборатория Касперского) -- C:\ProgramData\defender.exe
    [2011/09/04 18:00:37 | 000,007,680 | ---- | M] () -- C:\Windows\System\svchost.exe
    [2011/09/04 01:16:52 | 000,001,256 | -HS- | M] () -- C:\ProgramData\51s17136spnt70tl4a3rl47638l35xxm5rdthh8vkm26
    [2011/09/04 01:16:45 | 000,000,000 | ---- | M] () -- C:\ProgramData\mhlc.exe
    [2011/09/04 01:16:45 | 000,000,000 | ---- | M] () -- C:\ProgramData\gifi.exe
    [2011/09/04 01:16:45 | 000,000,000 | ---- | M] () -- C:\ProgramData\cbxq.exe
    [2011/09/04 01:16:45 | 000,000,000 | ---- | M] () -- C:\ProgramData\anla.exe
    [2011/09/03 18:25:15 | 000,000,596 | ---- | M] () -- C:\Users\Public\Desktop\Security Protection.lnk
    [2011/09/03 18:25:14 | 000,894,976 | ---- | M] (Лаборатория Касперского) -- C:\ProgramData\defender.exe
    [2011/08/13 21:07:36 | 000,091,002 | ---- | M] () -- C:\ProgramData\1313283654.bdinstall.bin
    [2011/08/13 20:46:40 | 000,077,118 | ---- | M] () -- C:\ProgramData\1313282766.bdinstall.bin
    [2011/08/09 02:06:51 | 000,191,404 | ---- | M] () -- C:\ProgramData\1312867290.bdinstall.bin
    [2011/09/04 01:22:36 | 000,007,680 | ---- | C] () -- C:\Windows\System\svchost.exe
    [2011/09/04 01:16:51 | 000,001,256 | -HS- | C] () -- C:\ProgramData\51s17136spnt70tl4a3rl47638l35xxm5rdthh8vkm26
    [2011/09/04 01:16:45 | 000,000,000 | ---- | C] () -- C:\ProgramData\mhlc.exe
    [2011/09/04 01:16:45 | 000,000,000 | ---- | C] () -- C:\ProgramData\gifi.exe
    [2011/09/04 01:16:45 | 000,000,000 | ---- | C] () -- C:\ProgramData\cbxq.exe
    [2011/09/04 01:16:45 | 000,000,000 | ---- | C] () -- C:\ProgramData\anla.exe
    [2011/09/03 18:25:14 | 000,000,596 | ---- | C] () -- C:\Users\Public\Desktop\Security Protection.lnk

    :Reg
    [HKCU\SOFTWARE\Microsoft\Internet Explorer\Main]
    XMLHTTP_UUID_Default=-

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
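The log above and the fix that follows it act on a recognisable set of shapes: a system binary name in the wrong directory (C:\Windows\System\svchost.exe, where the real one lives in System32), Run values that launch from the root of C:\ProgramData or from a $...$ directory under C:\Windows, a Run value that points at a DLL instead of an executable, zero-byte .exe files, a hidden+system file with a random name and no extension, a service whose version-info company string carries a trailing space ("Intel Corporation "), and ConsentPromptBehaviorAdmin = 0, which makes UAC elevate administrators without any prompt. The script below is an added example written for this thread; it is not OTL's code and nothing in it was posted by the helper. It parses a handful of OTL-format lines (a constructed sample copied from the entries above, with ccApp.exe and TDSSKiller.exe kept in as known-good entries the rules must leave alone) and flags them with those heuristics. The rule names, the list of System32-only binary names and the regexes are the example's own assumptions; a hit is something to check against a known-good copy or a hash lookup, not a verdict, and the itlperf service in particular is flagged only because of its company string, not because this thread removed it.

```python
"""Triage heuristics over OTL-format log lines (added example, not OTL's code)."""
import re
from collections import namedtuple

# Constructed sample in OTL's line format: entries modelled on this thread's log,
# plus two known-good ones (ccApp.exe, TDSSKiller.exe) the rules must leave alone.
SAMPLE_OTL_LOG = r"""
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [bipro] C:\Windows\$XNTUninstall643$\wzrel.dll ()
O4 - HKCU..\Run: [Security Protection] C:\ProgramData\defender.exe (Лаборатория Касперского)
O4 - HKCU..\Run: [AdobeBridge] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
SRV - [2011/09/04 01:18:41 | 000,218,624 | ---- | M] (Intel Corporation ) [Auto | Stopped] -- C:\Windows\System32\itnetw32.dll -- (itlperf)
[2011/09/04 01:22:36 | 000,007,680 | ---- | C] () -- C:\Windows\System\svchost.exe
[2011/09/04 01:16:45 | 000,000,000 | ---- | C] () -- C:\ProgramData\mhlc.exe
[2011/09/04 01:16:51 | 000,001,256 | -HS- | C] () -- C:\ProgramData\51s17136spnt70tl4a3rl47638l35xxm5rdthh8vkm26
[2011/09/04 17:12:50 | 001,406,768 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Devonasa\Desktop\TDSSKiller.exe
"""

# One regex per OTL line type this example understands (O4 Run, O6 policy, SRV, file).
RUN_RE = re.compile(r"^O4 - (?:HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]*)\] "
                    r"(?P<path>.+?)(?: \((?P<company>[^)]*)\))?$")
POLICY_RE = re.compile(r"^O6 - .*\\policies\\System: (?P<key>\w+) = (?P<value>\S+)$")
SRV_RE = re.compile(r"^SRV - \[[^\]]*\] \((?P<company>[^)]*)\) \[[^\]]*\] -- "
                    r"(?P<path>.+?) -- \([^)]*\)$")
FILE_RE = re.compile(r"^\[[^|]+ \| (?P<size>[\d,]+) \| (?P<attrs>[^|]+) \| [CM]\] "
                     r"\((?P<company>[^)]*)\) -- (?P<path>.+)$")

# Names that belong in System32/SysWOW64 (assumed list); the same name anywhere
# else is a masquerade, as with C:\Windows\System\svchost.exe in this thread.
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "services.exe", "winlogon.exe", "userinit.exe", "smss.exe"}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
HOTFIX_DIR_RE = re.compile(r"^c:\\windows\\\$[^\\]+\$$")  # C:\Windows\$...$
Finding = namedtuple("Finding", "path rule detail")

def _split(path):
    head, _, tail = path.rpartition("\\")
    return head.lower(), tail.lower()

def check_path(path):
    """Location rules shared by Run values, services and file entries."""
    parent, name = _split(path)
    out = []
    if name in SYSTEM_BINARIES and parent not in SYSTEM_DIRS:
        out.append(Finding(path, "masquerade", f"{name} outside System32, in {parent}"))
    if parent == r"c:\programdata":
        out.append(Finding(path, "programdata-root", "dropped directly in C:\\ProgramData"))
    if HOTFIX_DIR_RE.match(parent):
        out.append(Finding(path, "hotfix-dir-lookalike", "runs from a $...$ directory under C:\\Windows"))
    return out

def check_company(path, company):
    """OTL prints the version-info company string verbatim, so stray whitespace is in the binary."""
    if company is not None and company != company.strip():
        return [Finding(path, "company-whitespace", f"company string {company!r} has stray whitespace")]
    return []

def check_run(m):
    path = m["path"]
    if path == "File not found":
        return []  # orphaned value, nothing on disk to inspect
    out = check_path(path) + check_company(path, m["company"])
    if _split(path)[1].endswith(".dll"):
        out.append(Finding(path, "dll-in-run", f"Run value [{m['name']}] points at a DLL"))
    return out

def check_policy(m):
    hit = m["key"] == "ConsentPromptBehaviorAdmin" and m["value"] == "0"
    return [Finding("HKLM\\...\\policies\\System", "uac-silent-elevate",
                    "ConsentPromptBehaviorAdmin=0: administrators elevate with no prompt")] if hit else []

def check_file(m):
    path, attrs, name = m["path"], m["attrs"], _split(m["path"])[1]
    out = check_path(path) + check_company(path, m["company"])
    if int(m["size"].replace(",", "")) == 0 and name.endswith((".exe", ".dll", ".scr", ".sys")):
        out.append(Finding(path, "zero-byte-executable", "0-byte executable: placeholder or wiped dropper"))
    if "H" in attrs and "S" in attrs and "." not in name:
        out.append(Finding(path, "hidden-system-blob", f"hidden+system file with no extension ({attrs})"))
    return out

HANDLERS = ((RUN_RE, check_run), (POLICY_RE, check_policy),
            (SRV_RE, lambda m: check_path(m["path"]) + check_company(m["path"], m["company"])),
            (FILE_RE, check_file))

def triage(log_text):
    """Return a Finding for every rule that fires on a recognised OTL line."""
    findings = []
    for line in log_text.splitlines():
        for regex, handler in HANDLERS:
            m = regex.match(line.strip())
            if m:
                findings.extend(handler(m))
                break
    return findings

def flagged(log_text):
    """Map each flagged path to the set of rule names that fired on it."""
    out = {}
    for f in triage(log_text):
        out.setdefault(f.path, set()).add(f.rule)
    return out

if __name__ == "__main__":
    for f in triage(SAMPLE_OTL_LOG):
        print(f"{f.rule:22} {f.path}  [{f.detail}]")
```

Run it against a real OTL.txt by passing the file's contents to triage(); lines it does not recognise are skipped rather than guessed at. The rules are deliberately about shape (where a file sits, what it claims to be) rather than names, because that is what survives a malware family renaming its droppers between runs.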

#9 Devonasa (Member, Topic Starter, 37 posts)
Thanks so much! I started my computer up normally, and the Tidserv thing isn't popping up anymore! And here are the logs:

OTL Log


OTL logfile created on: 9/5/2011 3:12:19 PM - Run 3
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\Devonasa\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.38 Mb Total Physical Memory | 617.94 Mb Available Physical Memory | 60.98% Memory free
2.23 Gb Paging File | 1.97 Gb Available in Paging File | 88.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 101.64 Gb Total Space | 27.30 Gb Free Space | 26.86% Space Free | Partition Type: NTFS
Drive D: | 10.15 Gb Total Space | 0.09 Gb Free Space | 0.89% Space Free | Partition Type: NTFS

Computer Name: DEVONASA-PC | User Name: Devonasa | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/03 16:52:30 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Devonasa\Desktop\OTL.exe
PRC - [2010/02/01 07:13:18 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/09/17 18:56:58 | 002,477,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2009/07/08 20:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - [2011/09/04 01:18:41 | 000,218,624 | ---- | M] (Intel Corporation ) [Auto | Stopped] -- C:\Windows\System32\itnetw32.dll -- (itlperf)
SRV - [2010/07/27 10:31:51 | 000,174,432 | ---- | M] (Impulse Point, LLC) [Auto | Stopped] -- C:\Program Files\SafeConnect\scManager.sys -- (SCManager)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/02/05 01:31:56 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/12/16 16:44:36 | 003,750,400 | ---- | M] (SafeNet Inc.) [Auto | Stopped] -- C:\Windows\System32\hasplms.exe -- (hasplms)
SRV - [2009/09/17 18:56:58 | 002,477,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/09/17 18:38:02 | 001,864,888 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/09/17 17:21:10 | 000,341,320 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2009/07/13 12:06:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/07/08 20:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/07/08 20:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2006/11/15 22:05:40 | 000,101,152 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2006/11/15 22:03:36 | 000,109,344 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)


========== Driver Services (SafeList) ==========

DRV - [2011/08/22 20:23:04 | 000,443,448 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011/08/03 04:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110903.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/08/03 04:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110903.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/07/27 04:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/07/27 04:00:00 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/03/21 20:33:42 | 000,015,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\SymAFR.sys -- (SymAFR)
DRV - [2010/09/10 22:32:20 | 000,167,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wpshelper.sys -- (WpsHelper)
DRV - [2010/06/24 12:01:36 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/12/09 21:27:18 | 000,588,800 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\hardlock.sys -- (hardlock)
DRV - [2009/11/04 20:53:40 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/09/17 18:38:10 | 000,092,488 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
DRV - [2009/09/17 18:31:50 | 000,042,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2009/09/03 16:03:48 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/09/03 16:03:48 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/08/26 11:54:38 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009/08/25 20:05:44 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2009/08/25 20:05:42 | 000,320,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2009/08/25 20:05:42 | 000,281,648 | ---- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2009/08/20 07:01:50 | 000,356,864 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2009/07/14 12:51:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2009/06/10 09:52:58 | 000,347,648 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2009/05/27 14:31:18 | 000,050,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2006/11/15 22:03:12 | 000,024,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2006/11/15 22:02:50 | 001,962,912 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2006/11/15 22:00:56 | 001,678,368 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2006/11/10 23:48:11 | 001,083,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Ultra Vision(UVC)
DRV - [2006/11/10 23:48:00 | 000,040,352 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2006/11/10 23:46:29 | 001,512,224 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2006/11/02 03:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..extensions.enabledItems: {99210d54-6321-41e8-bd1b-2b4c55874efb}:1.16
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Devonasa\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Devonasa\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Devonasa\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Devonasa\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.21\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/01 01:25:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.21\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/01 01:25:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{6B05BDE5-EBAC-4D82-ABE7-1A6F070E09C0}: C:\Users\Devonasa\AppData\Local\{6B05BDE5-EBAC-4D82-ABE7-1A6F070E09C0}

[2010/03/24 11:50:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Devonasa\AppData\Roaming\Mozilla\Extensions
[2011/09/04 16:42:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Devonasa\AppData\Roaming\Mozilla\Firefox\Profiles\m0xqq5lg.default\extensions
[2011/08/17 01:23:36 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\Devonasa\AppData\Roaming\Mozilla\Firefox\Profiles\m0xqq5lg.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/07/08 21:13:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Devonasa\AppData\Roaming\Mozilla\Firefox\Profiles\m0xqq5lg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/20 17:29:50 | 000,000,000 | ---D | M] ("Tumblr Post") -- C:\Users\Devonasa\AppData\Roaming\Mozilla\Firefox\Profiles\m0xqq5lg.default\extensions\{99210d54-6321-41e8-bd1b-2b4c55874efb}
[2011/08/31 15:26:26 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Devonasa\AppData\Roaming\Mozilla\Firefox\Profiles\m0xqq5lg.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/09/04 16:42:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/11/07 00:35:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\App\Photoshop\Plug-ins\Extensions
File not found (No name found) -- C:\USERS\DEVONASA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M0XQQ5LG.DEFAULT\EXTENSIONS\{1BC10FE5-8C5D-4EE2-AF7A-BF9F1E7BF77F}

O1 HOSTS File: ([2011/09/05 15:06:14 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {0E68AD3D-4767-4712-9E0B-CA82C453F842} - C:\Windows\System32\wscui32.dll (Creative Technology Ltd)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] File not found
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()
O4 - HKLM..\Run: [LVCOMSX] C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe (Logitech Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKCU..\Run: [MicrosoftUpdate] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\MicrosoftUpdate\Microsoftupdt32.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} https://webapps.unf....x64/webinst.cab (WebBasedClientInstall Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FB3AA8F6-0159-4F70-994A-780FCEE470F9}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper: C:\Users\Devonasa\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/05 15:05:06 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Devonasa\Desktop\mbam-setup-1.51.1.1800.exe
[2011/09/04 18:29:32 | 000,135,360 | ---- | C] (Symantec Corporation) -- C:\Users\Devonasa\Desktop\FixBlast.exe
[2011/09/04 17:32:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/04 17:12:50 | 001,406,768 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Devonasa\Desktop\TDSSKiller.exe
[2011/09/03 17:55:54 | 000,068,608 | ---- | C] (Creative Technology Ltd) -- C:\ProgramData\JavaBackupVerifier.dll
[2011/09/03 16:52:50 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Devonasa\Desktop\aswMBR.exe
[2011/09/03 16:52:15 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\Devonasa\Desktop\OTL.exe
[2011/09/02 12:35:34 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Devonasa\Desktop\dds(2).scr
[2011/09/02 12:15:32 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Devonasa\Desktop\dds.scr
[2011/08/23 18:27:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CEP for The Sims 2
[2011/08/23 17:37:57 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sims2Pack Clean Installer
[2011/08/23 17:37:57 | 000,000,000 | ---D | C] -- C:\Program Files\Sims2Pack Clean Installer
[2011/08/22 20:55:43 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\EA Games
[2011/08/22 20:23:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Pro
[2011/08/22 20:21:25 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Pro
[2011/08/22 18:01:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
[2011/08/22 17:59:20 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\Documents\EA Games
[2011/08/17 13:44:30 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/08/17 12:53:55 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2011/08/17 02:48:46 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\Adobe Photoshop CS5.1
[2011/08/17 02:45:18 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/08/17 02:44:13 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Download Assistant
[2011/08/17 02:43:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/08/15 00:20:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/08/15 00:20:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/08/10 18:26:46 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/08/10 18:10:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Softwrap
[2011/08/10 18:10:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Fonts
[2011/08/10 18:10:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Config
[2011/08/10 18:10:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Ulead Systems
[2011/08/10 18:10:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ulead GIF Animator 5 TBYB
[2011/08/10 18:10:17 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2011/08/10 18:10:17 | 000,000,000 | ---D | C] -- C:\Program Files\Ulead Systems
[2011/08/10 18:10:07 | 000,000,000 | ---D | C] -- C:\Windows\Noslip
[2011/08/09 01:23:38 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\AppData\Roaming\QuickScan
[2011/08/09 01:21:56 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2011/08/09 01:20:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2011/08/08 01:30:51 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo Layers Runtime
[2011/08/08 01:30:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[28 C:\Users\Devonasa\Documents\*.tmp files -> C:\Users\Devonasa\Documents\*.tmp -> ]
[1 C:\Users\Devonasa\AppData\Local\*.tmp files -> C:\Users\Devonasa\AppData\Local\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/05 15:09:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/05 15:08:09 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/05 15:08:09 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/05 15:06:14 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/09/05 15:05:09 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Devonasa\Desktop\mbam-setup-1.51.1.1800.exe
[2011/09/04 18:29:33 | 000,135,360 | ---- | M] (Symantec Corporation) -- C:\Users\Devonasa\Desktop\FixBlast.exe
[2011/09/04 17:59:03 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8ED58AD3-8ABB-401C-95E3-4D53772E5585}.job
[2011/09/04 17:57:16 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/04 17:11:39 | 001,390,139 | ---- | M] () -- C:\Users\Devonasa\Desktop\tdsskiller.zip
[2011/09/04 16:39:57 | 177,015,933 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/09/04 01:49:05 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1663229470-2338449591-2720500769-1000UA.job
[2011/09/04 00:51:03 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/03 19:13:43 | 000,000,512 | ---- | M] () -- C:\Users\Devonasa\Desktop\MBR.dat
[2011/09/03 16:54:26 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Devonasa\Desktop\aswMBR.exe
[2011/09/03 16:52:30 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Devonasa\Desktop\OTL.exe
[2011/09/02 17:00:47 | 000,136,704 | ---- | M] () -- C:\Users\Devonasa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/02 17:00:38 | 295,643,581 | ---- | M] () -- C:\Users\Devonasa\Desktop\RB-DerekCayden.wmv
[2011/09/02 12:49:04 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1663229470-2338449591-2720500769-1000Core.job
[2011/09/02 12:35:39 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Devonasa\Desktop\dds(2).scr
[2011/09/02 12:17:19 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Devonasa\Desktop\dds.scr
[2011/08/25 12:45:12 | 000,001,235 | ---- | M] () -- C:\Users\Devonasa\Desktop\Sims2EP9.exe - Shortcut.lnk
[2011/08/25 01:05:49 | 008,191,066 | ---- | M] () -- C:\Users\Devonasa\Documents\Up N Down demo.mp3
[2011/08/23 17:37:57 | 000,001,015 | ---- | M] () -- C:\Users\Devonasa\Desktop\Sims2Pack Clean Installer.lnk
[2011/08/23 14:39:19 | 000,002,186 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 2 Mansion and Garden Stuff.lnk
[2011/08/23 14:15:31 | 000,001,354 | ---- | M] () -- C:\Users\Public\Desktop\www.thesims3.com.lnk
[2011/08/23 14:06:44 | 000,002,090 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 2 Apartment Life.lnk
[2011/08/23 13:55:24 | 000,002,108 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 2 IKEA Home Stuff.lnk
[2011/08/23 13:52:37 | 000,002,288 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 2 Kitchen & Bath Interior Design Stuff.lnk
[2011/08/23 13:48:30 | 000,002,036 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 2 FreeTime.lnk
[2011/08/23 13:42:20 | 000,002,108 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 2 Teen Style Stuff.lnk
[2011/08/23 13:33:26 | 000,002,054 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 2 Bon Voyage.lnk
[2011/08/23 00:54:31 | 000,002,101 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 2 H&M Fashion Stuff.lnk
[2011/08/23 00:48:39 | 000,002,101 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 2 Celebration! Stuff.lnk
[2011/08/23 00:06:35 | 000,002,002 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 2 Seasons.lnk
[2011/08/22 23:49:54 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 2 Pets.lnk
[2011/08/22 23:05:42 | 000,002,101 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 2 Glamour Life Stuff.lnk
[2011/08/22 22:58:56 | 000,002,083 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 2 Family Fun Stuff.lnk
[2011/08/22 22:48:08 | 000,002,092 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 2 Open For Business.lnk
[2011/08/22 20:59:08 | 000,002,020 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 2 Nightlife.lnk
[2011/08/22 20:40:57 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/22 20:40:56 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/08/22 20:24:44 | 000,001,724 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Pro.lnk
[2011/08/22 18:26:15 | 000,002,029 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 2 University.lnk
[2011/08/22 18:01:32 | 000,001,905 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 2.lnk
[2011/08/22 15:48:36 | 001,406,768 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Devonasa\Desktop\TDSSKiller.exe
[2011/08/18 21:01:12 | 003,730,792 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/08/17 02:44:16 | 000,000,919 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk
[2011/08/13 19:56:45 | 000,000,000 | ---- | M] () -- C:\Users\Devonasa\AppData\Local\{09D65B15-4284-4663-AB55-38DC4CF5780E}
[2011/08/13 01:14:57 | 000,001,356 | ---- | M] () -- C:\Users\Devonasa\AppData\Local\d3d9caps.dat
[2011/08/10 18:20:34 | 000,000,274 | ---- | M] () -- C:\Windows\ulead32.ini
[2011/08/10 18:20:31 | 000,000,560 | ---- | M] () -- C:\Users\Public\Documents\Global.sw
[2011/08/10 18:10:18 | 000,001,777 | ---- | M] () -- C:\Users\Public\Desktop\Ulead GIF Animator 5.lnk
[2011/08/09 20:50:43 | 000,000,303 | ---- | M] () -- C:\Windows\System32\checkdnsid.xml
[2011/08/09 03:27:45 | 000,000,385 | ---- | M] () -- C:\Windows\System32\user_gensett.xml
[2011/08/09 01:49:53 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_avchv_01009.Wdf
[2011/08/09 01:49:51 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011/08/09 00:22:56 | 000,000,000 | ---- | M] () -- C:\t1dg.3
[28 C:\Users\Devonasa\Documents\*.tmp files -> C:\Users\Devonasa\Documents\*.tmp -> ]
[1 C:\Users\Devonasa\AppData\Local\*.tmp files -> C:\Users\Devonasa\AppData\Local\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/04 17:11:08 | 001,390,139 | ---- | C] () -- C:\Users\Devonasa\Desktop\tdsskiller.zip
[2011/09/03 18:02:14 | 000,000,512 | ---- | C] () -- C:\Users\Devonasa\Desktop\MBR.dat
[2011/09/02 16:40:43 | 295,643,581 | ---- | C] () -- C:\Users\Devonasa\Desktop\RB-DerekCayden.wmv
[2011/08/25 01:05:39 | 008,191,066 | ---- | C] () -- C:\Users\Devonasa\Documents\Up N Down demo.mp3
[2011/08/23 17:37:57 | 000,001,015 | ---- | C] () -- C:\Users\Devonasa\Desktop\Sims2Pack Clean Installer.lnk
[2011/08/23 14:37:04 | 000,001,235 | ---- | C] () -- C:\Users\Devonasa\Desktop\Sims2EP9.exe - Shortcut.lnk
[2011/08/23 14:15:30 | 000,002,186 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 2 Mansion and Garden Stuff.lnk
[2011/08/23 14:06:44 | 000,002,090 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 2 Apartment Life.lnk
[2011/08/23 14:06:44 | 000,001,354 | ---- | C] () -- C:\Users\Public\Desktop\www.thesims3.com.lnk
[2011/08/23 13:55:24 | 000,002,108 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 2 IKEA Home Stuff.lnk
[2011/08/23 13:52:37 | 000,002,288 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 2 Kitchen & Bath Interior Design Stuff.lnk
[2011/08/23 13:48:30 | 000,002,036 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 2 FreeTime.lnk
[2011/08/23 13:42:20 | 000,002,108 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 2 Teen Style Stuff.lnk
[2011/08/23 13:33:26 | 000,002,054 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 2 Bon Voyage.lnk
[2011/08/23 00:54:31 | 000,002,101 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 2 H&M Fashion Stuff.lnk
[2011/08/23 00:48:39 | 000,002,101 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 2 Celebration! Stuff.lnk
[2011/08/23 00:06:35 | 000,002,002 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 2 Seasons.lnk
[2011/08/22 23:49:53 | 000,001,975 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 2 Pets.lnk
[2011/08/22 23:05:42 | 000,002,101 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 2 Glamour Life Stuff.lnk
[2011/08/22 22:58:56 | 000,002,083 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 2 Family Fun Stuff.lnk
[2011/08/22 22:48:08 | 000,002,092 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 2 Open For Business.lnk
[2011/08/22 20:59:08 | 000,002,020 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 2 Nightlife.lnk
[2011/08/22 20:24:44 | 000,001,724 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Pro.lnk
[2011/08/22 18:26:15 | 000,002,029 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 2 University.lnk
[2011/08/22 18:01:32 | 000,001,905 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 2.lnk
[2011/08/17 12:53:01 | 000,001,023 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.1.lnk
[2011/08/17 12:46:08 | 000,000,985 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.1.lnk
[2011/08/17 12:42:48 | 000,001,078 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.5.lnk
[2011/08/17 12:32:16 | 000,001,179 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.5.lnk
[2011/08/17 12:30:31 | 000,001,347 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.5.lnk
[2011/08/17 12:25:28 | 000,000,881 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2011/08/17 02:44:16 | 000,000,931 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
[2011/08/17 02:44:15 | 000,000,919 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk
[2011/08/13 19:51:08 | 000,000,000 | ---- | C] () -- C:\Users\Devonasa\AppData\Local\{09D65B15-4284-4663-AB55-38DC4CF5780E}
[2011/08/10 18:10:53 | 000,000,560 | ---- | C] () -- C:\Users\Public\Documents\Global.sw
[2011/08/10 18:10:51 | 000,000,274 | ---- | C] () -- C:\Windows\ulead32.ini
[2011/08/10 18:10:18 | 000,001,777 | ---- | C] () -- C:\Users\Public\Desktop\Ulead GIF Animator 5.lnk
[2011/08/09 03:27:45 | 000,000,385 | ---- | C] () -- C:\Windows\System32\user_gensett.xml
[2011/08/09 02:29:54 | 000,000,303 | ---- | C] () -- C:\Windows\System32\checkdnsid.xml
[2011/08/09 01:49:53 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_avchv_01009.Wdf
[2011/08/09 01:49:51 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011/08/09 01:48:17 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
[2011/08/09 00:22:56 | 000,000,000 | ---- | C] () -- C:\t1dg.3
[2011/08/03 19:53:38 | 000,000,000 | ---- | C] () -- C:\Users\Devonasa\AppData\Local\{1CF3071A-A136-4BBC-A174-D3B2CFC1128A}
[2011/05/11 18:58:58 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2010/09/05 17:41:21 | 000,001,356 | ---- | C] () -- C:\Users\Devonasa\AppData\Local\d3d9caps.dat
[2010/09/05 17:36:58 | 000,042,594 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010/02/06 07:04:48 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/02/06 07:04:48 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/01/30 21:01:11 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/01/30 17:56:39 | 000,136,704 | ---- | C] () -- C:\Users\Devonasa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/15 22:03:12 | 000,024,736 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2006/11/15 22:00:56 | 001,678,368 | ---- | C] () -- C:\Windows\System32\drivers\Lvckap.sys
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 003,730,792 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/03/30 23:45:19 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Audacity
[2011/08/17 13:44:30 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/08/17 02:45:18 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2010/02/05 07:01:23 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\DAEMON Tools Pro
[2010/02/26 20:24:52 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Elluminate
[2010/01/30 18:28:23 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\GetRightToGo
[2011/08/09 01:23:38 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\QuickScan
[2010/12/01 22:49:18 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Research In Motion
[2011/08/18 17:45:35 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Spotify
[2010/01/30 19:34:45 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Thinstall
[2010/03/29 21:16:44 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Tific
[2010/05/24 17:42:41 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Yandex
[2011/09/04 17:21:56 | 000,032,618 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/09/04 17:59:03 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{8ED58AD3-8ABB-401C-95E3-4D53772E5585}.job

========== Purity Check ==========

< End of report >

MBAM Log


Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7658

Windows 6.0.6001 Service Pack 1 (Safe Mode)
Internet Explorer 7.0.6001.18000

9/5/2011 3:42:14 PM
mbam-log-2011-09-05 (15-42-13).txt

Scan type: Quick scan
Objects scanned: 176075
Time elapsed: 5 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\g043oqxanu (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Z-opti (Adware.EZula) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Context\Context-Ads (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$XNTUninstall643$ (Adware.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\426819249 (Trojan.ExeShell.Gen) -> Value: 426819249 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicrosoftUpdate (Trojan.Agent) -> Value: MicrosoftUpdate -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicrosoftUpdate (Trojan.Agent) -> Value: MicrosoftUpdate -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\System32\config\systemprofile\AppData\Local\dun.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully.
c:\programdata\C439.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\local settings\application data\dun.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully.
c:\Users\Devonasa\AppData\Roaming\Adobe\plugs\kb36780402.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Devonasa\AppData\Roaming\Adobe\plugs\kb451086765.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Devonasa\AppData\Roaming\Adobe\plugs\kb451086937.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Devonasa\AppData\Roaming\Adobe\plugs\kb451086968.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\Adobe\plugs\kb6792626.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Local\microsoft\microsoftupdate\microsoftupdt32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
  • 0
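As an added example (not code from this thread, from Malwarebytes or from OTL), a small Python parser for the Malwarebytes log layout posted above: it splits the "Infected" sections into records and pulls out the entries under a CurrentVersion\Run key, which are the autostart locations a helper re-checks after the reboot. The sample input is a constructed excerpt built from entries in that log.

```python
import re
from collections import Counter

# Constructed excerpt in the layout of the Malwarebytes 1.51 log posted above
# (entries taken from that log; the header and summary blocks are left out).
SAMPLE_LOG = r"""
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\g043oqxanu (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\426819249 (Trojan.ExeShell.Gen) -> Value: 426819249 -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Files Infected:
c:\programdata\C439.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\Devonasa\AppData\Roaming\Adobe\plugs\kb36780402.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""

# "Files Infected:" opens a section; the summary line "Files Infected: 9" does not match.
SECTION_RE = re.compile(r"^([A-Za-z ]+ Infected):$")
# Item shape: target (detection) [-> Value: name] -> action.
ITEM_RE = re.compile(
    r"^(?P<target>.+?) \((?P<detection>[^)]+)\)"
    r"(?: -> Value: (?P<value>.+?))? -> (?P<action>.+)\.$"
)

def parse_mbam_log(text):
    """Turn the per-item lines into dicts with section, target, detection, value and action."""
    items, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        if not line or section is None or line.startswith("(No malicious"):
            continue
        item = ITEM_RE.match(line)
        if item:
            items.append({"section": section, **item.groupdict()})
    return items

def family_counts(items):
    """Detections per signature name, e.g. how many Trojan.Agent hits the scan produced."""
    return Counter(i["detection"] for i in items)

def persistence_entries(items):
    """Entries under a CurrentVersion/Run key: autostart locations to re-check after reboot."""
    return [i for i in items if "\\currentversion\\run\\" in i["target"].lower()]
```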

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Nice. Could you confirm that the following are working, please:

Windows updates
  • 0

#11
Devonasa

Devonasa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Yes, Windows Update is working, I just updated my computer now!
  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Any further problems before I tidy up?
  • 0

#13
Devonasa

Devonasa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
No, I believe that is it!

Thank you for all the help, I really mean it :)
  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :yes:

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day: your log now appears clean :)

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set back to hidden, as some of the tools I use will change that.
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones
  • Go to Start > All programs > Accessories > System Tools
  • Right click Disc cleanup and select run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Malwarebytes. Update and run weekly to keep your system clean

Download and install the FileHippo update checker and run it monthly. It will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and anti-virus to protect your system, and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet, read our little guide How did I get infected in the first place?

Keep safe :unsure:
  • 0

#15
Devonasa

Devonasa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Hi,

So I did the tidy-up follow-up, and have been running my computer for a few. And while the {SID 23621} isn't popping up anymore when I use Google, whenever I actually press the results on the Google results page, it keeps redirecting me to other sites I wasn't looking for. I've done a scan with the anti-virus programs I had, and with Malwarebytes, but nothing is showing up. So is that even a problem?
  • 0